WO2018076365A1 - Key negotiation method and device - Google Patents
- Publication number
- WO2018076365A1 (PCT/CN2016/104113)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- key
- ciphertext
- terminal device
- cloud server
- random number
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
Definitions
- the present application relates to the field of information security technologies, and in particular, to a key negotiation method and apparatus.
- SSL Secure Sockets Layer
- the purpose of the present application is to solve at least one of the above technical problems to some extent.
- the first object of the present application is to propose a key negotiation method that can complete two-way identity authentication between the terminal device and the cloud server and establish a reliable secure connection, thereby reducing cost and improving the security and efficiency of data transmission.
- a second object of the present application is to propose another method of key agreement.
- a third object of the present application is to propose a key agreement apparatus.
- a fourth object of the present application is to propose another key agreement apparatus.
- a fifth object of the invention is to propose an apparatus.
- a sixth object of the invention is to propose another device.
- a seventh object of the present invention is to provide a nonvolatile computer storage medium.
- An eighth object of the present invention is to provide another non-volatile computer storage medium.
- the first aspect of the present application provides a key negotiation method, including the following steps: generating a first random number, and applying a first public key of a cloud server to encrypt the first random number and identification information of a terminal device to generate a first ciphertext;
- sending a key negotiation request to the cloud server, where the key negotiation request includes the first ciphertext and the second public key of the terminal device, so that after the cloud server applies the first private key to decrypt the first ciphertext, the cloud server verifies the legality of the terminal device according to the identification information and the second public key; and receiving, after the cloud server verifies the terminal device
- the encrypted first ciphertext is sent to the cloud server by the terminal device and decrypted by the cloud server, the legality of the terminal device is verified according to the identification information and the second public key, and the decrypted data is encrypted again and sent to the terminal device; the terminal device then decrypts the second ciphertext after receiving it to verify the identity.
- the key negotiation method in the embodiment of the present application further has the following additional technical features:
- the identification information is a MAC address of the terminal device.
- the key negotiation request further includes a hash value of the first ciphertext, so that the cloud server, after applying the first private key to decrypt the first ciphertext, verifies the legality of the terminal device according to the MAC address, the hash value, and the second public key.
- the applying the session key to encrypt the first character string negotiated in advance with the cloud server includes: generating a random number of a preset length by using a random number generator according to a preset period; splicing the random number with the first character string to generate a second character string; and applying the session key to encrypt the second character string and sending a key confirmation response including the third ciphertext to the cloud server, so that the cloud server applies the session key to decrypt the third ciphertext and determines whether the key negotiation is successful according to whether the first character string is included in the decryption result.
- the second aspect of the present application provides another key negotiation method, including the following steps: receiving a key negotiation request sent by a terminal device, where the key negotiation request includes a first ciphertext and the second public key of the terminal device; applying the first private key of the cloud server to decrypt the first ciphertext to obtain the first random number and the identification information of the terminal device, and querying a pre-stored license database according to the identification information and the second public key to verify the legality of the terminal device; if the license database includes the identification information and the second public key, applying the second public key to encrypt the session key and sending a key agreement response including a second ciphertext to the terminal device, where the session key includes the first random number; receiving a key confirmation response including a third ciphertext, sent by the terminal device after it applies the second private key to decrypt the second ciphertext and obtains the first random number, and applying the session key to decrypt the third ciphertext to obtain a decryption result; and detecting whether the decryption result includes the first character string negotiated in advance with the terminal device, to determine whether the key negotiation is successful.
- the key negotiation method in the embodiment of the present application receives the encrypted first ciphertext sent by the terminal device, decrypts it, verifies the legality of the terminal device according to the identification information and the second public key, encrypts the decrypted data again and sends it to the terminal device; the terminal device then decrypts the second ciphertext after receiving it to verify the identity.
- the two-way identity authentication of the terminal device and the cloud server can thus be completed and a reliable secure connection established, which reduces cost and improves the security and efficiency of data transmission.
- the key negotiation method in the embodiment of the present application further has the following additional technical features:
- the applying the second public key to encrypt the session key comprises: generating a second random number, and splicing the second random number with the first random number to generate a session key; and encrypting the session key by applying the second public key.
- the third aspect of the present application provides a key agreement apparatus, including: an encryption module, configured to generate a first random number, and apply a first public key of a cloud server to encrypt the first random number and the identification information of the terminal device to generate a first ciphertext; a sending module, configured to send a key negotiation request to the cloud server, where the key negotiation request includes the first ciphertext and the second public key of the terminal device, so that the cloud server, after applying the first private key to decrypt the first ciphertext, verifies the legality of the terminal device according to the identification information and the second public key; and receiving a key agreement response including the second ciphertext, sent after the cloud server verifies that the terminal device is legal and applies the second public key to encrypt the session key.
- a decryption module, configured to apply the second private key to decrypt the second ciphertext and, when the first random number is obtained, apply the session key to encrypt the first character string negotiated in advance with the cloud server and send a key confirmation response including the third ciphertext to the cloud server, so that the cloud server applies the session key to decrypt the third ciphertext and determines whether the key negotiation is successful according to whether the first character string is included in the decryption result.
- the key agreement apparatus of the embodiment of the present invention sends the encrypted first ciphertext to the cloud server through the terminal device; the cloud server decrypts it, verifies the legality of the terminal device according to the identification information and the second public key, and encrypts the decrypted data again and sends it to the terminal device; the terminal device then decrypts the second ciphertext after receiving it to verify the identity.
- the two-way identity authentication of the terminal device and the cloud server can thus be completed and a reliable secure connection established, which reduces cost and improves the security and efficiency of data transmission.
- the key agreement apparatus of the embodiment of the present application further has the following additional technical features:
- the identification information is a MAC address of the terminal device.
- the key negotiation request further includes a hash value of the first ciphertext, so that the cloud server, after applying the first private key to decrypt the first ciphertext, verifies the legality of the terminal device according to the MAC address, the hash value, and the second public key.
- the decryption module is configured to: generate a random number of a preset length by using a random number generator according to a preset period; splice the random number with the first character string to generate a second character string; and apply the session key to encrypt the second character string and send a key confirmation response including the third ciphertext to the cloud server, so that the cloud server applies the session key to decrypt the third ciphertext and determines whether the key negotiation is successful according to whether the first character string is included in the decryption result.
- the fourth aspect of the present application provides another key agreement apparatus, including: a receiving module, configured to receive a key negotiation request sent by a terminal device, where the key negotiation request includes a first ciphertext and a second public key of the terminal device; a query module, configured to decrypt the first ciphertext by using the first private key of the cloud server to obtain the first random number and the identification information of the terminal device, and to query a pre-stored license database according to the identification information and the second public key to verify the legality of the terminal device; a first processing module, configured to, when the license database includes the identification information and the second public key, apply the second public key to encrypt the session key and send a key agreement response including the second ciphertext to the terminal device, where the session key includes the first random number; and a second processing module, configured to receive a key confirmation response including the third ciphertext, sent by the terminal device after it applies the second private key to decrypt the second ciphertext to obtain the first
- the key negotiation apparatus in the embodiment of the present application receives the encrypted first ciphertext sent by the terminal device, decrypts it, verifies the legality of the terminal device according to the identification information and the second public key, and encrypts the decrypted data again and sends it to the terminal device; the terminal device then decrypts the second ciphertext after receiving it to verify the identity.
- the two-way identity authentication of the terminal device and the cloud server can thus be completed and a reliable secure connection established, which reduces cost and improves the security and efficiency of data transmission.
- the key agreement apparatus of the embodiment of the present application further has the following additional technical features:
- the first processing module is configured to: generate a second random number, and splice the second random number with the first random number to generate a session key; and apply the second public key to encrypt the session key.
- an embodiment of the fifth aspect of the present invention provides an apparatus, including: one or more processors; a memory; and one or more programs stored in the memory which, when executed by the one or more processors, perform the following steps: generating a first random number, and encrypting the first random number and the identification information of the terminal device by using the first public key of the cloud server to generate a first ciphertext; sending a key negotiation request to the cloud server, where the key negotiation request includes the first ciphertext and the second public key of the terminal device, so that the cloud server, after applying the first private key to decrypt the first ciphertext, verifies the legality of the terminal device according to the identification information and the second public key; receiving a key agreement response including a second ciphertext, sent after the cloud server verifies that the terminal device is legal and applies the second public key to encrypt the session key, where the session key includes the first random number; and applying the second private key to solve the second cip
- the device in the embodiment of the present application sends the encrypted first ciphertext to the cloud server through the terminal device; the cloud server decrypts it, verifies the legality of the terminal device according to the identification information and the second public key, and encrypts the decrypted data again and sends it to the terminal device; the terminal device then decrypts the second ciphertext after receiving it to verify the identity.
- a sixth aspect of the present invention provides an apparatus, including: one or more processors; a memory; and one or more programs stored in the memory which, when executed by the one or more processors, perform the following steps: receiving a key negotiation request sent by the terminal device, where the key negotiation request includes a first ciphertext and a second public key of the terminal device; applying the first private key of the cloud server to decrypt the first ciphertext to obtain the first random number and the identification information of the terminal device, and querying the pre-stored license database according to the identification information and the second public key to verify the legality of the terminal device; if the license database includes the identification information and the second public key, applying the second public key to encrypt the session key and sending a key agreement response including the second ciphertext to the terminal device, where the session key includes the first random number; and receiving, after the terminal device applies the second private key to decrypt the second ciphertext to obtain the first random number, the
- the device of the embodiment of the present application receives the encrypted first ciphertext sent by the terminal device, decrypts it, verifies the legality of the terminal device according to the identification information and the second public key, and encrypts the decrypted data again and sends it to the terminal device; the terminal device then decrypts the second ciphertext after receiving it to verify the identity.
- a seventh aspect of the present invention provides a non-volatile computer storage medium storing one or more programs which, when executed by a device, cause the device to perform the following steps: generating a first random number, and encrypting the first random number and the identification information of the terminal device by using the first public key of the cloud server to generate a first ciphertext; sending a key negotiation request to the cloud server, where the key negotiation request includes the first ciphertext and the second public key of the terminal device, so that the cloud server, after applying the first private key to decrypt the first ciphertext, verifies the legality of the terminal device according to the identification information and the second public key; receiving a key agreement response including the second ciphertext, sent after the cloud server verifies that the terminal device is legal and applies the second public key to encrypt the session key, where the session key includes the first random number; applying the second private key to decrypt the second ciphertext, if obtained The first random number is used to en
- the non-volatile computer storage medium of the embodiment of the present application sends the encrypted first ciphertext to the cloud server through the terminal device; the cloud server decrypts it, verifies the legality of the terminal device according to the identification information and the second public key, and encrypts the decrypted data again and sends it to the terminal device; the terminal device then decrypts the second ciphertext after receiving it to verify the identity.
- the two-way identity authentication of the terminal device and the cloud server can thus be completed and a reliable secure connection established, which reduces cost and improves the security and efficiency of data transmission.
- an eighth aspect of the present invention provides a non-volatile computer storage medium storing one or more programs which, when executed by a device, cause the device to perform the following steps: receiving a key negotiation request sent by the terminal device, where the key negotiation request includes a first ciphertext and a second public key of the terminal device; decrypting the first ciphertext by using the first private key of the cloud server to obtain the first random number and the identification information of the terminal device, and querying the pre-stored license database according to the identification information and the second public key to verify the legality of the terminal device; if the license database includes the identification information and the second public key, applying the second public key to encrypt the session key and sending a key agreement response including the second ciphertext to the terminal device, where the session key includes the first random number; receiving a key confirmation response including the third ciphertext, sent by the terminal device after it applies the second private key to decrypt the second ciphertext to obtain the first random number; applying the third
- the non-volatile computer storage medium of the embodiment of the present application receives the encrypted first ciphertext sent by the terminal device, decrypts it, verifies the legality of the terminal device according to the identification information and the second public key, and encrypts the decrypted data again and sends it to the terminal device; the terminal device then decrypts the second ciphertext after receiving it to verify the identity.
- the two-way identity authentication of the terminal device and the cloud server can thus be completed and a reliable secure connection established, which reduces cost and improves the security and efficiency of data transmission.
- FIG. 3 is a schematic diagram of a key agreement method according to an embodiment of the present application.
- FIG. 4 is a schematic structural diagram of a key agreement apparatus according to an embodiment of the present application.
- FIG. 5 is a schematic structural diagram of a key agreement apparatus according to another embodiment of the present application.
- the CA certificate is used on the device side, and the device is authenticated by encrypting and decrypting with the public and private keys of the device.
- the terminal device sends a connection request to the server, and the server sends its own CA certificate and information related to the CA certificate to the terminal device, and the terminal device checks whether the CA certificate sent by the server is issued by the CA center trusted by the server.
- the SSL protocol is executed.
- the terminal device compares the information of the CA certificate, such as the domain name and public key, with the information previously sent by the server.
- the server is authenticated as legal only when the information is consistent.
- the server selects the cipher scheme with the highest degree of encryption from the cipher schemes sent by the terminal device and, after encrypting it for the terminal device, notifies the terminal device; the terminal device selects a session key for that cipher scheme, which is then sent to the server encrypted with the server's public key.
- the server receives the information sent by the terminal device and decrypts it with its private key to obtain the session key, and the server and the browser exchange information according to the symmetric cipher scheme.
- the present application proposes a key negotiation method that can complete two-way identity authentication between the terminal device and the cloud server and establish a reliable secure connection, thereby reducing cost and improving the security and efficiency of data transmission. Details are as follows:
- FIG. 1 is a flow chart of a method of key agreement in accordance with one embodiment of the present application.
- the key negotiation method includes:
- Step 110: Generate a first random number, and apply the first public key of the cloud server to encrypt the first random number and the identification information of the terminal device to generate a first ciphertext.
- the first random number of the preset length may be generated by the random number generator.
- the preset length can be set as needed, such as 5 strings, 10 strings, and so on.
- the random number may be one or more of letters, numbers, special symbols, and the like.
- the terminal device may obtain its own identification information, and may encrypt the obtained first random number and the identification information by using the pre-stored first public key of the cloud server to generate the first ciphertext.
- the identification information may be a MAC (Media Access Control) address, an International Mobile Equipment Identity (IMEI), or other device identification information, and may be selected and set according to actual application requirements.
- MAC Media Access Control
- IMEI International Mobile Equipment Identity
- the first public key is a key that is pre-agreed with the cloud server and can encrypt the plaintext.
- the cloud server may pre-generate a permanent pair of first private key and first public key by using an asymmetric algorithm and store it on the cloud server, and the cloud server sends the first public key to the terminal device. Therefore, when the terminal device initiates the connection establishment request to the cloud server, the cloud server can verify the identity of the terminal device by using the first private key to prevent an illegal terminal device from establishing a connection with the cloud server, thereby further improving the security of data transmission.
- Step 120: Send a key negotiation request to the cloud server, where the key negotiation request includes the first ciphertext and the second public key of the terminal device, so that the cloud server, after applying the first private key to decrypt the first ciphertext, verifies the legality of the terminal device according to the identification information and the second public key.
- the cloud server may use the first private key to decrypt the first ciphertext to obtain the first random number and the identification information.
- the identification information is the MAC address of the terminal device.
- the legality of the terminal device is verified according to the MAC and the second public key by querying the license database for both at the same time, to confirm whether the license server has generated the MAC and the second public key.
- the key negotiation request further includes a hash value of the first ciphertext, so that the cloud server, after applying the first private key to decrypt the first ciphertext, verifies the legality of the terminal device according to the MAC address, the hash value, and the second public key.
- the cloud server may treat the terminal device as an illegal terminal device and no longer perform subsequent verification.
- Step 130: Receive a key agreement response including the second ciphertext, sent by the cloud server after it verifies that the terminal device is legal and applies the second public key to encrypt the session key, where the session key includes the first random number.
- the cloud server uses the received second public key to encrypt the session key including the first random number to obtain a second ciphertext, which is then sent to the terminal device.
- the cloud server may further generate a second random number, splice the first random number and the second random number to obtain spliced data, and encrypt the spliced data by using the received second public key to obtain a second ciphertext.
- the second ciphertext is then sent to the terminal device. That is to say, the second ciphertext further includes a second random number generated by the cloud server.
- the first random number must be included in the session key, and the second random number or other data may be added to further improve security.
- Step 140: Apply the second private key to decrypt the second ciphertext. If the first random number is obtained, apply the session key to encrypt the first character string negotiated in advance with the cloud server, and send a key confirmation response including the third ciphertext to the cloud server, so that the cloud server applies the session key to decrypt the third ciphertext and determines whether the key negotiation is successful according to whether the first character string is included in the decryption result.
- the terminal device decrypts the second ciphertext with the second private key of the terminal device and, after the decryption succeeds, compares the generated first random number with the decrypted plaintext information. If the decrypted plaintext includes the first random number, the terminal device confirms that the cloud server passes the authentication.
- the terminal device then applies the session key to encrypt the first character string negotiated in advance with the cloud server and sends a key confirmation response including the third ciphertext to the cloud server, so that the cloud server applies the session key to decrypt the third ciphertext and determines whether the key negotiation is successful according to whether the first character string is included in the decryption result.
- the encrypting the first character string negotiated in advance with the cloud server by using the session key may be understood as first generating a random number of a preset length by using a random number generator according to a preset period.
- the random number is spliced with the first character string to generate a second character string.
- the session key is applied to encrypt the second character string, and a key confirmation response including the third ciphertext is sent to the cloud server, so that the cloud server applies the session key to decrypt the third ciphertext and determines whether the key negotiation is successful according to whether the decryption result contains the first character string.
- the preset period can be set as needed, for example, 10 minutes, 20 minutes, and the like.
- the preset length can be set as needed, for example, 5 strings, 10 strings, and the like.
- the random number may be one or more of letters, numbers, special symbols, and the like.
- the splicing process can be understood as “random number + first character string”, as “first character string + random number”, or as random characters arbitrarily inserted between the characters of the first character string, and so on.
- the second character string may be encrypted with the session key pre-negotiated with the cloud server by, for example, an MD5 encryption algorithm, a DES encryption algorithm, an RSA encryption algorithm, or the like, and the result is used as the third ciphertext.
- the third ciphertext is sent to the cloud server, and the cloud server uses the corresponding decryption algorithm to decrypt the third ciphertext by using the session key pre-negotiated with the terminal device.
- the encrypted first ciphertext is sent to the cloud server by the terminal device and decrypted by the cloud server, the legality of the terminal device is verified according to the identification information and the second public key, and the decrypted data is encrypted again and sent to the terminal device; the terminal device then decrypts the second ciphertext after receiving it to verify the identity.
- FIG. 2 is a flow chart of a method of key agreement in accordance with another embodiment of the present application.
- the key negotiation method includes:
- Step 210 Receive a key negotiation request sent by the terminal device, where the key negotiation request includes: a first ciphertext and a second public key of the terminal device.
- Step 220 The first private key of the cloud server is used to decrypt the first ciphertext to obtain the first random number and the identification information of the terminal device, and the pre-stored license database is queried according to the identifier information and the second public key to verify the legality of the terminal device.
- the cloud server may use the first private key to decrypt the first ciphertext, and obtain the first random number and the identification information of the terminal device.
- for details of the identification information, refer to step 110; they are not described again here.
- the validity of the terminal device can be verified according to the MAC and the second public key by simultaneously querying the license database to confirm whether the license server has generated the MAC and the second public key.
- the cloud server may treat the terminal device as an illegal terminal device and no longer perform the subsequent verification.
- Step 230 If the license database includes the identifier information and the second public key, encrypt the session key by applying the second public key, and send a key agreement response including the second ciphertext to the terminal device, where the session key includes the first random number.
- Step 240 Receive the key confirmation response including the third ciphertext, which the terminal device sends after applying the second private key to decrypt the second ciphertext and obtaining the first random number, and apply the session key to decrypt the third ciphertext to obtain the decryption result.
- if the license database includes the identifier information and the second public key, the session key including the first random number is encrypted by using the received second public key to obtain a second ciphertext, and the second ciphertext is then sent to the terminal device.
- a second random number may be generated, the second random number is spliced with the first random number to generate a session key, and the session key is encrypted by applying a second public key.
- the cloud server sends a key agreement response including the second ciphertext to the terminal device. It then receives the key confirmation response including the third ciphertext, which the terminal device sends after using the second private key to decrypt the second ciphertext and obtaining the first random number, and decrypts the third ciphertext by using the session key to obtain the decryption result.
- Step 250 Detect whether the decryption result includes the first character string negotiated in advance with the terminal device, to determine whether the key negotiation is successful.
- the third ciphertext is sent to the cloud server, and the cloud server uses the corresponding decryption algorithm to decrypt the third ciphertext with the session key pre-negotiated with the terminal device.
- the key information that is negotiated with the terminal device is applied to encrypt or decrypt the interaction information. That is, after the key negotiation ends, the interaction information may be processed by using the key information negotiated with the terminal device, which may be one or more of encryption and decryption.
- in the key negotiation method of the embodiment of the present application, the encrypted first ciphertext sent by the terminal device is received and decrypted, the legality of the terminal device is verified according to the identifier information and the second public key, and the decrypted data is encrypted again and sent to the terminal device; the terminal device then decrypts the second ciphertext after receiving it in order to verify the identity.
- FIG. 3 is a schematic diagram of a key agreement method according to an embodiment of the present application.
- the smart terminal can send a key negotiation request to the cloud server by means of a wireless connection (WIFI, Bluetooth, ZigBee, etc.), wherein the key negotiation request includes the first ciphertext and the second public key.
- the first ciphertext is obtained by encrypting the first random number R1 and the MAC address of the terminal device by using the first public key of the cloud server.
- the key negotiation request may be decrypted to obtain corresponding plaintext information, that is, the first random number R1, the MAC address of the terminal device, and the second public key of the terminal device.
- the cloud server may further generate a second random number R2, then use the second public key to encrypt the first random number R1 and the second random number R2 to obtain a second ciphertext, and send the second ciphertext to the terminal device.
- the terminal device may use the second private key to decrypt the second ciphertext and, after the decryption succeeds, send encrypted authentication pass information to the cloud server, where the authentication pass information may be generated by encrypting preset confirmation information ("OK" or the like in FIG. 3) based on the first random number R1 and the second random number R2.
- the cloud server decrypts the information to obtain pre-set character information, and then establishes a secure communication connection according to the authentication pass information.
- the terminal device sends the encrypted first ciphertext to the cloud server; the cloud server decrypts it, verifies the legality of the terminal device according to the identifier information and the second public key, encrypts the decrypted data again, and sends it to the terminal device; the terminal device then decrypts the second ciphertext after receiving it in order to verify the identity.
- thereby, two-way identity authentication between the terminal device and the cloud server can be completed and a reliable secure connection established, which reduces cost and improves the security and efficiency of data transmission.
- the present application also proposes a key agreement apparatus.
- FIG. 4 is a schematic structural diagram of a key agreement apparatus according to an embodiment of the present application.
- the key agreement apparatus may include an encryption module 41, a sending module 42, a response module 43, and a decryption module 44.
- the encryption module 41 is configured to generate a first random number, and apply the first public key of the cloud server to encrypt the first random number and the identification information of the terminal device to generate the first ciphertext.
- the sending module 42 is configured to send a key negotiation request to the cloud server, where the key negotiation request includes: the first ciphertext and the second public key of the terminal device, so that the cloud server applies the first private key to decrypt the first ciphertext, The validity of the terminal device is verified according to the identification information and the second public key.
- the response module 43 is configured to receive the key agreement response including the second ciphertext, which the cloud server sends after verifying that the terminal device is legal and encrypting the session key with the second public key, where the session key includes the first random number.
- the decryption module 44 is configured to use the second private key to decrypt the second ciphertext and, when the first random number is obtained, to apply the session key to encrypt the first character string negotiated in advance with the cloud server and send a key confirmation response including the third ciphertext to the cloud server, so that the cloud server applies the session key to decrypt the third ciphertext and determines whether the key negotiation is successful according to whether the decryption result contains the first character string.
- the identifier information is the MAC address of the terminal device; the key negotiation request further includes a hash value of the first ciphertext, so that the cloud server, after applying the first private key to decrypt the first ciphertext, verifies the validity of the terminal device according to the MAC address, the hash value, and the second public key.
- the decryption module 44 is configured to generate a random number of a preset length by using a random number generator according to a preset period, splice the random number with the first character string to generate a second character string, encrypt the second character string by using the session key, and send a key confirmation response including the third ciphertext to the cloud server, so that the cloud server applies the session key to decrypt the third ciphertext and determines whether the key negotiation is successful according to whether the decryption result contains the first character string.
- the key agreement device provided by the embodiment of the present invention corresponds to the key agreement method provided by the foregoing first embodiment. Therefore, the implementation manner of the foregoing key negotiation method is also applicable to the key agreement device provided in this embodiment. This embodiment will not be described in detail.
- in the key agreement apparatus of the embodiment of the present invention, the terminal device sends the encrypted first ciphertext to the cloud server; the cloud server decrypts it, verifies the legality of the terminal device according to the identifier information and the second public key, encrypts the decrypted data again, and sends it to the terminal device; the terminal device then decrypts the second ciphertext after receiving it in order to verify the identity.
- thereby, two-way identity authentication between the terminal device and the cloud server can be completed and a reliable secure connection established, which reduces cost and improves the security and efficiency of data transmission.
- FIG. 5 is a schematic structural diagram of a key agreement apparatus according to another embodiment of the present application.
- the key agreement apparatus may include: a receiving module 51, a querying module 52, a first processing module 53, a second processing module 54, and a detecting module 55.
- the receiving module 51 is configured to receive a key negotiation request sent by the terminal device, where the key negotiation request includes: a first ciphertext and a second public key of the terminal device.
- the query module 52 is configured to use the first private key of the cloud server to decrypt the first ciphertext to obtain the first random number and the identification information of the terminal device, and query the pre-stored license database according to the identifier information and the second public key to verify the legality of the terminal device.
- the first processing module 53 is configured to: when the license database includes the identifier information and the second public key, apply the second public key to encrypt the session key, and send a key agreement response including the second ciphertext to the terminal device, where the session key includes the first random number.
- the second processing module 54 is configured to receive the key confirmation response including the third ciphertext, which the terminal device sends after applying the second private key to decrypt the second ciphertext and obtaining the first random number, and to decrypt the third ciphertext by using the session key to obtain the decryption result.
- the detecting module 55 is configured to detect whether the decryption result includes the first character string negotiated in advance with the terminal device, to determine whether the key negotiation is successful.
- the first processing module 53 is configured to generate a second random number, splice the second random number with the first random number to generate a session key, and apply the second public key to encrypt the session key.
- the key agreement device provided by the embodiment of the present invention corresponds to the key negotiation method provided in the foregoing second embodiment. Therefore, the implementation of the foregoing key negotiation method is also applicable to the key agreement device provided in this embodiment. This embodiment will not be described in detail.
- the key agreement apparatus of the embodiment of the present invention receives the encrypted first ciphertext sent by the terminal device, decrypts it, verifies the legality of the terminal device according to the identifier information and the second public key, encrypts the decrypted data again, and sends it to the terminal device; the terminal device then decrypts the second ciphertext after receiving it in order to verify the identity.
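The three-message exchange of FIG. 3, run end to end with both sides' checks, as an added example that is not code from the patent. Textbook RSA over fixed primes and a SHA-256 keystream are insecure stand-ins chosen so that it runs on the standard library; the class and function names, the field lengths, the R1-then-R2 splice order and the confirmation string are assumptions.

```python
import hashlib
import hmac
import secrets

# Stand-ins (assumptions, not from the page): textbook RSA over fixed Mersenne
# primes and a SHA-256 counter keystream. Neither is secure; they only mark
# where the public-key and session-key encryption steps sit in the exchange.
E = 65537

def rsa_keypair(p, q):
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def rsa_encrypt(pub, data):
    n, e = pub
    m = int.from_bytes(b"\x01" + data, "big")  # 0x01 prefix keeps leading zero bytes
    if m >= n:
        raise ValueError("message too long for modulus")
    return pow(m, e, n)

def rsa_decrypt(priv, ct):
    n, d = priv
    m = pow(ct, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")[1:]

def stream_xor(key, data):
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

# First character string agreed in advance. Constructed value: the page uses
# "OK" or the like; a longer string makes a chance match after decryption with
# a wrong key negligible when the check is "result contains the string".
CONFIRM = b"key-negotiation-ok"
R_LEN, MAC_LEN, NONCE_LEN = 16, 6, 8  # assumed field lengths

class Terminal:
    def __init__(self, mac, cloud_pub, primes=(2**127 - 1, 2**521 - 1)):
        self.mac, self.cloud_pub = mac, cloud_pub
        self.pub, self._priv = rsa_keypair(*primes)  # second key pair
        self.r1 = self.session_key = None

    def request(self):
        # First ciphertext: R1 and the MAC address under the cloud's first public key.
        self.r1 = secrets.token_bytes(R_LEN)
        return rsa_encrypt(self.cloud_pub, self.r1 + self.mac), self.pub

    def on_response(self, second_ct):
        key = rsa_decrypt(self._priv, second_ct)
        # Only the holder of the first private key could have read R1 and echoed it.
        if len(key) != 2 * R_LEN or not hmac.compare_digest(key[:R_LEN], self.r1):
            return None
        self.session_key = key
        nonce = secrets.token_bytes(NONCE_LEN)    # random number spliced before the string
        return stream_xor(key, nonce + CONFIRM)   # third ciphertext

class CloudServer:
    def __init__(self, license_db):
        self.pub, self._priv = rsa_keypair(2**521 - 1, 2**607 - 1)  # first key pair
        self.license_db = license_db  # set of (MAC address, second public key) pairs
        self.session_key = None

    def on_request(self, first_ct, terminal_pub):
        self.session_key = None
        plain = rsa_decrypt(self._priv, first_ct)
        if len(plain) != R_LEN + MAC_LEN:
            return None
        r1, mac = plain[:R_LEN], plain[R_LEN:]
        if (mac, terminal_pub) not in self.license_db:
            return None  # illegal terminal device: no further verification
        self.session_key = r1 + secrets.token_bytes(R_LEN)  # splice R1 and R2
        return rsa_encrypt(terminal_pub, self.session_key)  # second ciphertext

    def on_confirmation(self, third_ct):
        if self.session_key is None:
            return False
        return CONFIRM in stream_xor(self.session_key, third_ct)

def negotiate(terminal, server):
    first_ct, terminal_pub = terminal.request()
    second_ct = server.on_request(first_ct, terminal_pub)
    if second_ct is None:
        return "terminal rejected"
    third_ct = terminal.on_response(second_ct)
    if third_ct is None:
        return "server rejected"
    return "ok" if server.on_confirmation(third_ct) else "confirmation failed"

if __name__ == "__main__":
    cloud = CloudServer(set())
    device = Terminal(bytes.fromhex("020000000001"), cloud.pub)  # constructed MAC
    cloud.license_db.add((device.mac, device.pub))
    print(negotiate(device, cloud))
```

The license lookup is keyed on the (MAC address, second public key) pair, so a request that reuses a licensed MAC address with a different public key stops at step 220. MD5, which the description lists among the encryption algorithms, is a one-way hash and could not produce a third ciphertext that the server decrypts.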
Description
The present application relates to the field of information security technologies, and in particular, to a key negotiation method and apparatus.
Generally, SSL (Secure Sockets Layer), a security protocol that provides security and data integrity for network communication, is often used when a terminal device communicates with a server, to confirm the identities of both communicating parties and to encrypt the communication data in order to avoid data leakage.
However, in the above approach of using the SSL protocol for security services, SSL has a large memory footprint, so most terminal devices cannot run SSL; moreover, SSL relies on a third-party CA company while providing the service, which makes the operation too complicated. In addition, only the server can be authenticated and the terminal device cannot, so security is low.
Summary of the invention
The purpose of the present application is to solve at least one of the above technical problems to some extent.
To this end, the first object of the present application is to propose a key negotiation method that can complete two-way identity authentication between the terminal device and the cloud server and establish a reliable secure connection, which reduces cost and improves the security and efficiency of data transmission.
A second object of the present application is to propose another key negotiation method.
A third object of the present application is to propose a key agreement apparatus.
A fourth object of the present application is to propose another key agreement apparatus.
A fifth object of the present invention is to propose a device.
A sixth object of the present invention is to propose another device.
A seventh object of the present invention is to propose a non-volatile computer storage medium.
An eighth object of the present invention is to propose another non-volatile computer storage medium.
To achieve the above objects, an embodiment of the first aspect of the present application proposes a key negotiation method, including the following steps: generating a first random number, and applying a first public key of a cloud server to encrypt the first random number and identification information of a terminal device to generate a first ciphertext; sending a key negotiation request to the cloud server, where the key negotiation request includes the first ciphertext and a second public key of the terminal device, so that the cloud server, after applying the first private key to decrypt the first ciphertext, verifies the legality of the terminal device according to the identification information and the second public key; receiving a key agreement response including a second ciphertext, which the cloud server sends after verifying that the terminal device is legal and applying the second public key to encrypt a session key, where the session key includes the first random number; and applying the second private key to decrypt the second ciphertext and, if the first random number is obtained, applying the session key to encrypt a first character string negotiated in advance with the cloud server and sending a key confirmation response including the third ciphertext to the cloud server, so that the cloud server applies the session key to decrypt the third ciphertext and determines whether the key negotiation is successful according to whether the decryption result contains the first character string.
In the key negotiation method of the embodiment of the present application, the terminal device sends the encrypted first ciphertext to the cloud server; the cloud server decrypts it, verifies the legality of the terminal device according to the identification information and the second public key, encrypts the decrypted data again, and sends it to the terminal device; the terminal device then decrypts the second ciphertext after receiving it in order to verify the identity. Thereby, two-way identity authentication between the terminal device and the cloud server can be completed and a reliable secure connection established, which reduces cost and improves the security and efficiency of data transmission.
In addition, the key negotiation method of the embodiment of the present application further has the following additional technical features:
In an embodiment of the present application, the identification information is the MAC address of the terminal device; the key negotiation request further includes a hash value of the first ciphertext, so that the cloud server, after applying the first private key to decrypt the first ciphertext, verifies the legality of the terminal device according to the MAC address, the hash value, and the second public key.
In an embodiment of the present application, applying the session key to encrypt the first character string negotiated in advance with the cloud server includes: generating a random number of a preset length by a random number generator according to a preset period; splicing the random number with the first character string to generate a second character string; and applying the session key to encrypt the second character string and sending a key confirmation response including the third ciphertext to the cloud server, so that the cloud server applies the session key to decrypt the third ciphertext and determines whether the key negotiation is successful according to whether the decryption result contains the first character string.
To achieve the above objects, an embodiment of the second aspect of the present application proposes another key negotiation method, including the following steps: receiving a key negotiation request sent by a terminal device, where the key negotiation request includes a first ciphertext and a second public key of the terminal device; applying a first private key of the cloud server to decrypt the first ciphertext to obtain a first random number and identification information of the terminal device, and querying a pre-stored license database according to the identification information and the second public key to verify the legality of the terminal device; if the license database includes the identification information and the second public key, applying the second public key to encrypt a session key and sending a key agreement response including a second ciphertext to the terminal device, where the session key includes the first random number; receiving a key confirmation response including a third ciphertext, which the terminal device sends after applying the second private key to decrypt the second ciphertext and obtaining the first random number, and applying the session key to decrypt the third ciphertext to obtain a decryption result; and detecting whether the decryption result contains the first character string negotiated in advance with the terminal device, to determine whether the key negotiation is successful.
In the key negotiation method of the embodiment of the present application, the encrypted first ciphertext sent by the terminal device is received and decrypted, the legality of the terminal device is verified according to the identification information and the second public key, and the decrypted data is encrypted again and sent to the terminal device; the terminal device then decrypts the second ciphertext after receiving it in order to verify the identity. Thereby, two-way identity authentication between the terminal device and the cloud server can be completed and a reliable secure connection established, which reduces cost and improves the security and efficiency of data transmission.
In addition, the key negotiation method of the embodiment of the present application further has the following additional technical features:
In an embodiment of the present application, applying the second public key to encrypt the session key includes: generating a second random number, and splicing the second random number with the first random number to generate the session key; and applying the second public key to encrypt the session key.
To achieve the above objects, an embodiment of the third aspect of the present application proposes a key agreement apparatus, including: an encryption module, configured to generate a first random number and apply a first public key of a cloud server to encrypt the first random number and identification information of a terminal device to generate a first ciphertext; a sending module, configured to send a key negotiation request to the cloud server, where the key negotiation request includes the first ciphertext and a second public key of the terminal device, so that the cloud server, after applying the first private key to decrypt the first ciphertext, verifies the legality of the terminal device according to the identification information and the second public key; a response module, configured to receive a key agreement response including a second ciphertext, which the cloud server sends after verifying that the terminal device is legal and applying the second public key to encrypt a session key, where the session key includes the first random number; and a decryption module, configured to apply the second private key to decrypt the second ciphertext and, when the first random number is obtained, apply the session key to encrypt a first character string negotiated in advance with the cloud server and send a key confirmation response including the third ciphertext to the cloud server, so that the cloud server applies the session key to decrypt the third ciphertext and determines whether the key negotiation is successful according to whether the decryption result contains the first character string.
In the key agreement apparatus of the embodiment of the present application, the terminal device sends the encrypted first ciphertext to the cloud server; the cloud server decrypts it, verifies the legality of the terminal device according to the identification information and the second public key, encrypts the decrypted data again, and sends it to the terminal device; the terminal device then decrypts the second ciphertext after receiving it in order to verify the identity. Thereby, two-way identity authentication between the terminal device and the cloud server can be completed and a reliable secure connection established, which reduces cost and improves the security and efficiency of data transmission.
In addition, the key agreement apparatus of the embodiment of the present application further has the following additional technical features:
In an embodiment of the present application, the identification information is the MAC address of the terminal device; the key negotiation request further includes a hash value of the first ciphertext, so that the cloud server, after applying the first private key to decrypt the first ciphertext, verifies the legality of the terminal device according to the MAC address, the hash value, and the second public key.
In an embodiment of the present application, the decryption module is configured to: generate a random number of a preset length by a random number generator according to a preset period; splice the random number with the first character string to generate a second character string; and apply the session key to encrypt the second character string and send a key confirmation response including the third ciphertext to the cloud server, so that the cloud server applies the session key to decrypt the third ciphertext and determines whether the key negotiation is successful according to whether the decryption result contains the first character string.
To achieve the above objects, an embodiment of the fourth aspect of the present application proposes another key agreement apparatus, characterized by including: a receiving module, configured to receive a key negotiation request sent by a terminal device, where the key negotiation request includes a first ciphertext and a second public key of the terminal device; a query module, configured to apply a first private key of the cloud server to decrypt the first ciphertext to obtain a first random number and identification information of the terminal device, and to query a pre-stored license database according to the identification information and the second public key to verify the legality of the terminal device; a first processing module, configured to, when the license database includes the identification information and the second public key, apply the second public key to encrypt a session key and send a key agreement response including a second ciphertext to the terminal device, where the session key includes the first random number; a second processing module, configured to receive a key confirmation response including a third ciphertext, which the terminal device sends after applying the second private key to decrypt the second ciphertext and obtaining the first random number, and to apply the session key to decrypt the third ciphertext to obtain a decryption result; and a detection module, configured to detect whether the decryption result contains the first character string negotiated in advance with the terminal device, to determine whether the key negotiation is successful.
The key agreement apparatus of the embodiment of the present application receives the encrypted first ciphertext sent by the terminal device, decrypts it, verifies the legality of the terminal device according to the identification information and the second public key, encrypts the decrypted data again, and sends it to the terminal device; the terminal device then decrypts the second ciphertext after receiving it in order to verify the identity. Thereby, two-way identity authentication between the terminal device and the cloud server can be completed and a reliable secure connection established, which reduces cost and improves the security and efficiency of data transmission.
In addition, the key agreement apparatus of the embodiment of the present application further has the following additional technical features:
In an embodiment of the present application, the first processing module is configured to: generate a second random number, and splice the second random number with the first random number to generate the session key; and apply the second public key to encrypt the session key.
An embodiment of the fifth aspect of the present invention provides a device, including: one or more processors; a memory; and one or more programs stored in the memory which, when executed by the one or more processors, perform the following steps: generating a first random number, and encrypting the first random number and identification information of the terminal device with a first public key of a cloud server to generate a first ciphertext; sending a key negotiation request to the cloud server, where the key negotiation request includes the first ciphertext and a second public key of the terminal device, so that the cloud server, after decrypting the first ciphertext with the first private key, verifies the legitimacy of the terminal device according to the identification information and the second public key; receiving a key negotiation response including a second ciphertext, which the cloud server sends after verifying that the terminal device is legitimate and encrypting a session key with the second public key, where the session key includes the first random number; and decrypting the second ciphertext with the second private key and, if the first random number is obtained, encrypting with the session key a first string negotiated in advance with the cloud server and sending a key confirmation response including the third ciphertext to the cloud server, so that the cloud server decrypts the third ciphertext with the session key and determines whether the key negotiation succeeded according to whether the decryption result contains the first string.
In the device of this embodiment of the present application, the terminal device sends the encrypted first ciphertext to the cloud server; the cloud server decrypts it, verifies the legitimacy of the terminal device according to the identification information and the second public key, encrypts the decrypted data again, and sends it to the terminal device; after receiving the second ciphertext, the terminal device decrypts it to verify identity. In this way, two-way identity authentication between the terminal device and the cloud server can be completed and a reliable secure connection established, which reduces cost, improves the security of data transmission, and is highly efficient.
An embodiment of the sixth aspect of the present invention provides a device, including: one or more processors; a memory; and one or more programs stored in the memory which, when executed by the one or more processors, perform the following steps: receiving a key negotiation request sent by a terminal device, where the key negotiation request includes a first ciphertext and a second public key of the terminal device; decrypting the first ciphertext with a first private key of the cloud server to obtain a first random number and identification information of the terminal device, and querying a pre-stored license database according to the identification information and the second public key to verify the legitimacy of the terminal device; if the license database includes the identification information and the second public key, encrypting a session key with the second public key and sending a key negotiation response including a second ciphertext to the terminal device, where the session key includes the first random number; receiving a key confirmation response including a third ciphertext, which the terminal device sends after decrypting the second ciphertext with the second private key and obtaining the first random number, and decrypting the third ciphertext with the session key to obtain a decryption result; and detecting whether the decryption result contains a first string negotiated in advance with the terminal device, to determine whether the key negotiation succeeded.
The device of this embodiment of the present application receives the encrypted first ciphertext sent by the terminal device, decrypts it, verifies the legitimacy of the terminal device according to the identification information and the second public key, encrypts the decrypted data again, and sends it to the terminal device; after receiving the second ciphertext, the terminal device decrypts it to verify identity. In this way, two-way identity authentication between the terminal device and the cloud server can be completed and a reliable secure connection established, which reduces cost, improves the security of data transmission, and is highly efficient.
An embodiment of the seventh aspect of the present invention provides a non-volatile computer storage medium storing one or more programs which, when executed by a device, cause the device to perform the following steps: generating a first random number, and encrypting the first random number and identification information of the terminal device with a first public key of a cloud server to generate a first ciphertext; sending a key negotiation request to the cloud server, where the key negotiation request includes the first ciphertext and a second public key of the terminal device, so that the cloud server, after decrypting the first ciphertext with the first private key, verifies the legitimacy of the terminal device according to the identification information and the second public key; receiving a key negotiation response including a second ciphertext, which the cloud server sends after verifying that the terminal device is legitimate and encrypting a session key with the second public key, where the session key includes the first random number; and decrypting the second ciphertext with the second private key and, if the first random number is obtained, encrypting with the session key a first string negotiated in advance with the cloud server and sending a key confirmation response including the third ciphertext to the cloud server, so that the cloud server decrypts the third ciphertext with the session key and determines whether the key negotiation succeeded according to whether the decryption result contains the first string.
With the non-volatile computer storage medium of this embodiment of the present application, the terminal device sends the encrypted first ciphertext to the cloud server; the cloud server decrypts it, verifies the legitimacy of the terminal device according to the identification information and the second public key, encrypts the decrypted data again, and sends it to the terminal device; after receiving the second ciphertext, the terminal device decrypts it to verify identity. In this way, two-way identity authentication between the terminal device and the cloud server can be completed and a reliable secure connection established, which reduces cost, improves the security of data transmission, and is highly efficient.
An embodiment of the eighth aspect of the present invention provides a non-volatile computer storage medium storing one or more programs which, when executed by a device, cause the device to perform the following steps: receiving a key negotiation request sent by a terminal device, where the key negotiation request includes a first ciphertext and a second public key of the terminal device; decrypting the first ciphertext with a first private key of the cloud server to obtain a first random number and identification information of the terminal device, and querying a pre-stored license database according to the identification information and the second public key to verify the legitimacy of the terminal device; if the license database includes the identification information and the second public key, encrypting a session key with the second public key and sending a key negotiation response including a second ciphertext to the terminal device, where the session key includes the first random number; receiving a key confirmation response including a third ciphertext, which the terminal device sends after decrypting the second ciphertext with the second private key and obtaining the first random number, and decrypting the third ciphertext with the session key to obtain a decryption result; and detecting whether the decryption result contains a first string negotiated in advance with the terminal device, to determine whether the key negotiation succeeded.
The non-volatile computer storage medium of this embodiment of the present application receives the encrypted first ciphertext sent by the terminal device, decrypts it, verifies the legitimacy of the terminal device according to the identification information and the second public key, encrypts the decrypted data again, and sends it to the terminal device; after receiving the second ciphertext, the terminal device decrypts it to verify identity. In this way, two-way identity authentication between the terminal device and the cloud server can be completed and a reliable secure connection established, which reduces cost, improves the security of data transmission, and is highly efficient.
Additional aspects and advantages of the present application will be set forth in part in the following description, will in part become apparent from the following description, or will be learned through practice of the present application.
The above and/or additional aspects and advantages of the present application will become apparent and readily understood from the following description of the embodiments in conjunction with the accompanying drawings, in which:
FIG. 1 is a flowchart of a key negotiation method according to an embodiment of the present application;
FIG. 2 is a flowchart of a key negotiation method according to another embodiment of the present application;
FIG. 3 is a schematic diagram of a key negotiation method according to an embodiment of the present application;
FIG. 4 is a schematic structural diagram of a key negotiation apparatus according to an embodiment of the present application;
FIG. 5 is a schematic structural diagram of a key negotiation apparatus according to another embodiment of the present application.
Embodiments of the present application are described in detail below, and examples of the embodiments are shown in the accompanying drawings, in which the same or similar reference numerals throughout denote the same or similar elements or elements having the same or similar functions. The embodiments described below with reference to the drawings are exemplary, are intended to explain the present application, and are not to be construed as limiting it.
The key negotiation method and apparatus of the embodiments of the present application are described below with reference to the accompanying drawings.
Generally, when SSL provides security services for network communication, a CA certificate is used on the device side, and authentication of the server is completed through encryption and decryption with the device's public/private key pair.
For example, the terminal device sends a connection request to the server; the server sends its own CA certificate, together with information related to the CA certificate, to the terminal device; and the terminal device checks whether the CA certificate sent by the server was issued by a CA center that it trusts.
If so, the SSL protocol continues: the terminal device compares whether the information in the CA certificate, such as the domain name and public key, is consistent with the related information previously sent by the server, and the server's identity is authenticated as legitimate only when the information is consistent.
Then, when the server is legitimate, the server selects, from the cipher schemes sent by the terminal device, the scheme with the highest degree of encryption, encrypts it with the terminal device's public key, and notifies the terminal device; the terminal device selects a call key for that cipher scheme, encrypts it with the server's public key, and sends it to the server.
The server thus receives the information sent by the terminal device and decrypts it with its own private key to obtain the call key, after which the server and the browser exchange information according to the symmetric cipher scheme.
It can thus be seen that when the SSL protocol is used for communication, only the server can be authenticated and the terminal device cannot; SSL is also relatively heavyweight, so most terminal devices cannot run it and feasibility is low; and because SSL relies on a third-party CA company, operation is overly complex. In addition, since only the server can be authenticated and the terminal device cannot, security is low.
To solve the above problems, the present application proposes a key negotiation method that can complete two-way identity authentication between the terminal device and the cloud server and establish a reliable secure connection, which reduces cost, improves the security of data transmission, and is highly efficient. The details are as follows:
FIG. 1 is a flowchart of a key negotiation method according to an embodiment of the present application.
As shown in FIG. 1, the key negotiation method includes:
Step 110: generate a first random number, and encrypt the first random number and the identification information of the terminal device with the first public key of the cloud server to generate a first ciphertext.
Specifically, a first random number of a preset length may be generated by a random number generator. The preset length may be set as needed, for example 5 strings or 10 strings. The random number may consist of one or more of letters, digits, special symbols, and the like.
Further, the terminal device may obtain its own identification information and may use the pre-stored first public key of the cloud server to encrypt the first random number and the identification information, generating the first ciphertext.
The identification information may be a MAC (Media Access Control) address, an IMEI (International Mobile Equipment Identity), or other device identification information, and may be selected according to the needs of the actual application.
The first public key is a key, agreed in advance with the cloud server, that can be used to encrypt plaintext.
For example, the cloud server may use an asymmetric algorithm in advance to generate a permanent pair consisting of a first private key and a first public key, store the pair on the cloud server, and send the first public key to the terminal device. Then, when the terminal device initiates a connection request to the cloud server, the cloud server can verify the identity of the terminal device using the first private key, ensuring that illegitimate terminal devices do not establish a connection with the cloud server and further improving the security of data transmission.
Step 120: send a key negotiation request to the cloud server, where the key negotiation request includes the first ciphertext and the second public key of the terminal device, so that the cloud server, after decrypting the first ciphertext with the first public key, verifies the legitimacy of the terminal device according to the identification information and the second public key.
Specifically, after the terminal device sends the cloud server a key negotiation request including the first ciphertext and the second public key of the terminal device, the cloud server may decrypt the first ciphertext with the first private key to obtain the first random number and the identification information.
When the identification information is the MAC address of the terminal device, the license database is queried at the same time to confirm whether the license server has already generated the MAC and the second public key, so that the legitimacy of the terminal device is verified according to the MAC and the second public key.
Alternatively, the key negotiation request further includes a hash value of the first ciphertext, so that the cloud server, after decrypting the first ciphertext with the first public key, verifies the legitimacy of the terminal device according to the MAC address, the hash value, and the second public key.
It should be noted that if decrypting the first ciphertext with the first private key succeeds, the subsequent verification is performed; if decrypting the first ciphertext with the first public key fails, the cloud server may treat the terminal device as an illegitimate terminal device and perform no further verification.
Step 130: receive a key negotiation response including a second ciphertext, which the cloud server sends after verifying that the terminal device is legitimate and encrypting the session key with the second public key, where the session key includes the first random number.
Specifically, after the first ciphertext has been decrypted successfully and its plaintext obtained, the cloud server uses the received second public key to encrypt the session key, which includes the first random number, to obtain the second ciphertext, and then sends the second ciphertext to the terminal device.
To further improve the security of data transmission, after the first ciphertext has been decrypted successfully and its plaintext obtained, the cloud server may also generate a second random number, concatenate the first random number and the second random number to obtain concatenated data, encrypt the concatenated data with the received second public key to obtain the second ciphertext, and then send the second ciphertext to the terminal device. That is, the second ciphertext also includes the second random number generated by the cloud server.
It should be noted that the session key must contain the first random number; whether to add a second random number or other data to further improve security may be chosen as needed.
Step 140: decrypt the second ciphertext with the second public key; if the first random number is obtained, encrypt with the session key the first string negotiated in advance with the cloud server and send a key confirmation response including the third ciphertext to the cloud server, so that the cloud server decrypts the third ciphertext with the session key and determines whether the key negotiation succeeded according to whether the decryption result contains the first string.
Specifically, after receiving the second ciphertext, the terminal device decrypts it with the terminal device's second private key. After successful decryption, it compares the first random number it generated with the decrypted plaintext; if the comparison shows that the plaintext contains the first random number, the terminal device confirms that the cloud server has passed identity verification.
Further, once the cloud server is determined to have passed identity authentication, the terminal device encrypts with the session key the first string negotiated in advance with the cloud server and sends a key confirmation response including the third ciphertext to the cloud server, so that the cloud server decrypts the third ciphertext with the session key and determines whether the key negotiation succeeded according to whether the decryption result contains the first string.
Encrypting with the session key the first string negotiated in advance with the cloud server can be understood as follows: first, a random number of a preset length is generated by a random number generator at a preset period.
Further, the random number is concatenated with the first string to generate a second string.
Further, the second string is encrypted with the session key, and a key confirmation response including the third ciphertext is sent to the cloud server, so that the cloud server decrypts the third ciphertext with the session key and determines whether the key negotiation succeeded according to whether the decryption result contains the first string.
The preset period may be set as needed, for example 10 minutes or 20 minutes.
The preset length may be set as needed, for example 5 strings or 10 strings.
The random number may consist of one or more of letters, digits, special symbols, and the like.
It should be noted that the concatenation may be understood as "random number + first string", as "first string + random number", or as the random number being inserted arbitrarily between the characters of the first string, and so on.
Specifically, the second string may be encrypted with the session key negotiated in advance with the cloud server, using for example the MD5 encryption algorithm, the DES encryption algorithm, or the RSA encryption algorithm, and the result is taken as the third ciphertext.
Further, the third ciphertext is sent to the cloud server, and the cloud server uses the corresponding decryption algorithm and the session key negotiated in advance with the terminal device to decrypt the third ciphertext.
Further, whether the decryption result contains the first string is checked to determine whether the negotiation between the terminal device and the server succeeded.
In the key negotiation method of this embodiment of the present application, the terminal device sends the encrypted first ciphertext to the cloud server; the cloud server decrypts it, verifies the legitimacy of the terminal device according to the identification information and the second public key, encrypts the decrypted data again, and sends it to the terminal device; after receiving the second ciphertext, the terminal device decrypts it to verify identity. In this way, two-way identity authentication between the terminal device and the cloud server can be completed and a reliable secure connection established, which reduces cost, improves the security of data transmission, and is highly efficient.
FIG. 2 is a flowchart of a key negotiation method according to another embodiment of the present application.
As shown in FIG. 2, the key negotiation method includes:
Step 210: receive a key negotiation request sent by the terminal device, where the key negotiation request includes the first ciphertext and the second public key of the terminal device.
Step 220: decrypt the first ciphertext with the first private key of the cloud server to obtain the first random number and the identification information of the terminal device, and query the pre-stored license database according to the identification information and the second public key to verify the legitimacy of the terminal device.
Specifically, after receiving the key negotiation request sent by the terminal device, the cloud server may decrypt the first ciphertext with the first private key to obtain the first random number and the identification information of the terminal device.
It should be noted that the identification information is described in step 110 and is not detailed again here.
The license database may be queried at the same time to confirm whether the license server has already generated the MAC and the second public key, so that the legitimacy of the terminal device is verified according to the MAC and the second public key.
It should be noted that if decrypting the first ciphertext with the first private key succeeds, the subsequent verification is performed; if decrypting the first ciphertext with the first public key fails, the cloud server may treat the terminal device as an illegitimate terminal device and perform no further verification.
Step 230: if the license database includes the identification information and the second public key, encrypt the session key with the second public key and send a key negotiation response including the second ciphertext to the terminal device, where the session key includes the first random number.
Step 240: receive a key confirmation response including the third ciphertext, which the terminal device sends after decrypting the second ciphertext with the second private key and obtaining the first random number, and decrypt the third ciphertext with the session key to obtain a decryption result.
Specifically, when the license database includes the identification information and the second public key, the received second public key is used to encrypt the session key, which includes the first random number, to obtain the second ciphertext, and the second ciphertext is then sent to the terminal device.
To further improve the security of data transmission, a second random number may be generated, the second random number may be concatenated with the first random number to generate the session key, and the session key may be encrypted with the second public key.
Further, the cloud server sends a key negotiation response including the second ciphertext to the terminal device. It then receives the key confirmation response including the third ciphertext, which the terminal device sends after decrypting the second ciphertext with the second private key and obtaining the first random number, and decrypts the third ciphertext with the session key to obtain a decryption result.
Step 250: detect whether the decryption result contains the first string negotiated in advance with the terminal device, to determine whether the key negotiation succeeded.
Specifically, the third ciphertext is sent to the cloud server, and the cloud server uses the corresponding decryption algorithm and the session key negotiated in advance with the terminal device to decrypt the third ciphertext.
Further, whether the decryption result contains the first string is checked to determine whether the negotiation between the terminal device and the server succeeded.
It should be noted that when the decryption result is found to contain the first string, the key information negotiated with the terminal device is used to encrypt or decrypt the exchanged information. That is, once key negotiation has finished, the key information negotiated with the terminal device can be used to process the exchanged information, by one or more of encryption, decryption, and the like.
The key negotiation method of this embodiment of the present application receives the encrypted first ciphertext sent by the terminal device, decrypts it, verifies the legitimacy of the terminal device according to the identification information and the second public key, encrypts the decrypted data again, and sends it to the terminal device; after receiving the second ciphertext, the terminal device decrypts it to verify identity. In this way, two-way identity authentication between the terminal device and the cloud server can be completed and a reliable secure connection established, which reduces cost, improves the security of data transmission, and is highly efficient.
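The exchange in steps 110 to 140 (terminal side) and 210 to 250 (server side) can be traced end to end in the following added example, which is not code from the patent. Textbook RSA over fixed Mersenne primes and a SHA-256 keystream are toy stand-ins chosen so the sketch runs with the standard library alone; all names, the 16-byte random-number length, and the sample MAC addresses are assumptions.

```python
import hashlib
import secrets

E = 65537
FIRST_STRING = b"OK"   # pre-agreed first string (assumed value, "OK" as in FIG. 3)
RAND_LEN = 16          # assumed byte length of R1 and R2

def make_keypair(p, q):
    """Textbook RSA key pair from two known primes (toy stand-in, not secure)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

# Constructed keys: first pair belongs to the cloud server, second to the terminal.
SERVER_PUB, SERVER_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
TERMINAL_PUB, TERMINAL_PRIV = make_keypair(2**127 - 1, 2**1279 - 1)

def rsa_encrypt(pub, data):
    n, e = pub
    m = int.from_bytes(b"\x01" + data, "big")  # 0x01 marker keeps leading zero bytes
    if m >= n:
        raise ValueError("message too long for modulus")
    return pow(m, e, n)

def rsa_decrypt(priv, c):
    n, d = priv
    m = pow(c, d, n)
    raw = m.to_bytes((m.bit_length() + 7) // 8, "big")
    if raw[:1] != b"\x01":
        raise ValueError("decryption failed")
    return raw[1:]

def stream_xor(key, data):
    """Toy symmetric cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

class Terminal:
    def __init__(self, device_id, server_pub):
        self.pub, self._priv = TERMINAL_PUB, TERMINAL_PRIV
        self.device_id, self.server_pub = device_id, server_pub
        self.r1 = self.session_key = None

    def build_request(self):
        # Steps 110-120: first ciphertext = Enc(first public key, R1 || device id)
        self.r1 = secrets.token_bytes(RAND_LEN)
        return rsa_encrypt(self.server_pub, self.r1 + self.device_id), self.pub

    def handle_response(self, ct2):
        # Step 140: the server is accepted only if the plaintext carries R1
        try:
            key = rsa_decrypt(self._priv, ct2)
        except ValueError:
            return None
        if not key.startswith(self.r1):
            return None
        self.session_key = key
        second_string = secrets.token_bytes(8) + FIRST_STRING  # random number + first string
        return stream_xor(key, second_string)                  # third ciphertext

class CloudServer:
    def __init__(self, license_db):
        self.pub, self._priv = SERVER_PUB, SERVER_PRIV
        self.license_db = license_db   # {device id: second public key}
        self.session_key = None

    def handle_request(self, ct1, terminal_pub):
        # Steps 210-230: decrypt, check the license database, return second ciphertext
        try:
            plain = rsa_decrypt(self._priv, ct1)
        except ValueError:
            return None                # treated as an illegitimate terminal
        r1, device_id = plain[:RAND_LEN], plain[RAND_LEN:]
        if self.license_db.get(device_id) != terminal_pub:
            return None
        self.session_key = r1 + secrets.token_bytes(RAND_LEN)  # R1 || R2
        return rsa_encrypt(terminal_pub, self.session_key)

    def handle_confirmation(self, ct3):
        # Steps 240-250: negotiation succeeds if the plaintext contains the first string
        if self.session_key is None:
            return False
        return FIRST_STRING in stream_xor(self.session_key, ct3)

def negotiate(device_id, license_db):
    """Run the three-message exchange; True when both sides accept."""
    server = CloudServer(license_db)
    terminal = Terminal(device_id, server.pub)
    ct1, terminal_pub = terminal.build_request()
    ct2 = server.handle_request(ct1, terminal_pub)
    if ct2 is None:
        return False
    ct3 = terminal.handle_response(ct2)
    return ct3 is not None and server.handle_confirmation(ct3)
```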
To make the above implementation clearer to those skilled in the art, an example is described below:
FIG. 3 is a schematic diagram of a key negotiation method according to an embodiment of the present application.
As shown in FIG. 3, the smart terminal can send a key negotiation request to the cloud server over a wireless connection (WIFI, Bluetooth, ZigBee, etc.), where the key negotiation request includes the first ciphertext and the second public key.
The first ciphertext is obtained by encrypting the first random number R1 and the MAC address of the terminal device with the first public key of the cloud server. After receiving the key negotiation request, the cloud server can decrypt it to obtain the corresponding plaintext information, namely the first random number R1, the MAC address of the terminal device and the second public key of the terminal device.
In addition, the cloud server can generate a second random number R2, then encrypt the obtained first random number R1 and the second random number R2 with the second public key to obtain the second ciphertext, and send it to the terminal device.
Further, after receiving the second ciphertext, the terminal device can decrypt it with the second private key and, after decryption succeeds, send encrypted authentication-pass information to the cloud server. The authentication-pass information may be generated by encrypting preset confirmation information (such as "OK" in FIG. 3) according to the first random number R1 and the second random number R2.
Further, after receiving the authentication-pass information, the cloud server decrypts it to obtain the preset character information, and then establishes a secure communication connection according to the authentication-pass information.
In the key negotiation method of this embodiment of the present application, the terminal device sends the encrypted first ciphertext to the cloud server, the cloud server decrypts it and verifies the legitimacy of the terminal device according to the identification information and the second public key, and the data obtained by decryption is encrypted again and sent to the terminal device; the terminal device then decrypts the second ciphertext after receiving it, in order to verify identity. Two-way identity authentication between the terminal device and the cloud server can thus be completed and a reliable secure connection established, which reduces cost, improves the security of data transmission and is highly efficient.
To achieve the above object, the present application further provides a key negotiation apparatus.
FIG. 4 is a schematic structural diagram of a key negotiation apparatus according to an embodiment of the present application.
As shown in FIG. 4, the key negotiation apparatus may include an encryption module 41, a sending module 42, a response module 43 and a decryption module 44.
The encryption module 41 is configured to generate a first random number, and to encrypt the first random number and the identification information of the terminal device with the first public key of the cloud server to generate a first ciphertext.
The sending module 42 is configured to send a key negotiation request to the cloud server, where the key negotiation request includes the first ciphertext and the second public key of the terminal device, so that the cloud server, after decrypting the first ciphertext with the first private key, verifies the legitimacy of the terminal device according to the identification information and the second public key.
The response module 43 is configured to receive a key negotiation response that includes a second ciphertext, which the cloud server sends after verifying that the terminal device is legitimate and encrypting the session key with the second public key, where the session key includes the first random number.
The decryption module 44 is configured to decrypt the second ciphertext with the second private key and, when the first random number is obtained, to encrypt with the session key the first character string pre-negotiated with the cloud server and send a key confirmation response that includes a third ciphertext to the cloud server, so that the cloud server decrypts the third ciphertext with the session key and determines whether key negotiation succeeded according to whether the decryption result contains the first character string.
In an embodiment of the present application, the identification information is the MAC address of the terminal device, and the key negotiation request further includes a hash value of the first ciphertext, so that the cloud server, after decrypting the first ciphertext with the first private key, verifies the legitimacy of the terminal device according to the MAC address, the hash value and the second public key.
In an embodiment of the present application, the decryption module 44 is configured to generate a random number of a preset length with a random number generator at a preset period, concatenate the random number with the first character string to generate a second character string, encrypt the second character string with the session key, and send a key confirmation response that includes the third ciphertext to the cloud server, so that the cloud server decrypts the third ciphertext with the session key and determines whether key negotiation succeeded according to whether the decryption result contains the first character string.
The key negotiation apparatus provided by this embodiment of the present invention corresponds to the key negotiation method provided by the embodiment of the first aspect above, so the implementations of the foregoing key negotiation method also apply to the key negotiation apparatus provided in this embodiment and are not described in detail here.
In the key negotiation apparatus of this embodiment of the present application, the terminal device sends the encrypted first ciphertext to the cloud server, the cloud server decrypts it and verifies the legitimacy of the terminal device according to the identification information and the second public key, and the data obtained by decryption is encrypted again and sent to the terminal device; the terminal device then decrypts the second ciphertext after receiving it, in order to verify identity. Two-way identity authentication between the terminal device and the cloud server can thus be completed and a reliable secure connection established, which reduces cost, improves the security of data transmission and is highly efficient.
FIG. 5 is a schematic structural diagram of a key negotiation apparatus according to another embodiment of the present application.
As shown in FIG. 5, the key negotiation apparatus may include a receiving module 51, a query module 52, a first processing module 53, a second processing module 54 and a detection module 55.
The receiving module 51 is configured to receive a key negotiation request sent by the terminal device, where the key negotiation request includes the first ciphertext and the second public key of the terminal device.
The query module 52 is configured to decrypt the first ciphertext with the first private key of the cloud server to obtain the first random number and the identification information of the terminal device, and to query a pre-stored license database according to the identification information and the second public key to verify the legitimacy of the terminal device.
The first processing module 53 is configured to, when the license database includes the identification information and the second public key, encrypt the session key with the second public key and send a key negotiation response that includes the second ciphertext to the terminal device, where the session key includes the first random number.
The second processing module 54 is configured to receive a key confirmation response that includes the third ciphertext, which the terminal device sends after decrypting the second ciphertext with the second private key and obtaining the first random number, and to decrypt the third ciphertext with the session key to obtain a decryption result.
The detection module 55 is configured to detect whether the decryption result contains the first character string pre-negotiated with the terminal device, in order to determine whether key negotiation succeeded.
In an embodiment of the present application, the first processing module 53 is configured to generate a second random number, concatenate the second random number with the first random number to generate the session key, and encrypt the session key with the second public key.
The key negotiation apparatus provided by this embodiment of the present invention corresponds to the key negotiation method provided by the embodiment of the second aspect above, so the implementations of the foregoing key negotiation method also apply to the key negotiation apparatus provided in this embodiment and are not described in detail here.
In the key negotiation apparatus of this embodiment of the present application, the encrypted first ciphertext sent by the terminal device is received and decrypted, the legitimacy of the terminal device is verified according to the identification information and the second public key, and the data obtained by decryption is encrypted again and sent to the terminal device; the terminal device then decrypts the second ciphertext after receiving it, in order to verify identity. Two-way identity authentication between the terminal device and the cloud server can thus be completed and a reliable secure connection established, which reduces cost, improves the security of data transmission and is highly efficient.
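The FIG. 3 exchange, with the terminal-side and server-side checks described above (hash of the first ciphertext, license database lookup, R1 check, random number prepended to the first character string), written out as an added example that is not code from the patent or its applicant. The patent names no algorithms, so RSA-OAEP, AES-256-GCM, 16-byte random numbers, the R1 || R2 ordering and every function and field name are assumptions; the MAC addresses and license database are constructed sample data.

```javascript
// Added example: both sides of the negotiation, using only Node's built-in crypto module.
// Assumed (not stated in the patent): RSA-OAEP/SHA-256, AES-256-GCM, 16-byte R1 and R2,
// session key = R1 || R2, and all function and field names.
const crypto = require("crypto");

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };
const FIRST_STRING = Buffer.from("OK"); // confirmation string agreed in advance
const sha256 = (buf) => crypto.createHash("sha256").update(buf).digest();

function aeadEncrypt(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv("aes-256-gcm", key, iv);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), body]); // iv (12) | tag (16) | ciphertext
}

function aeadDecrypt(key, blob) {
  const d = crypto.createDecipheriv("aes-256-gcm", key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws if modified
}

// Terminal: first ciphertext = Enc_serverPub(R1 || MAC), sent with the terminal's
// public key (the "second public key") and a hash of the first ciphertext.
function terminalRequest(terminal, serverPublicKey) {
  terminal.r1 = crypto.randomBytes(16);
  const c1 = crypto.publicEncrypt({ key: serverPublicKey, ...OAEP },
    Buffer.concat([terminal.r1, Buffer.from(terminal.mac)]));
  return { c1, hash: sha256(c1), publicKeyPem: terminal.publicKeyPem };
}

// Server: check the hash, decrypt, look up (MAC, public key) in the license
// database, then build second ciphertext = Enc_terminalPub(R1 || R2).
function serverRespond(server, req) {
  if (!crypto.timingSafeEqual(sha256(req.c1), req.hash)) throw new Error("hash mismatch");
  const plain = crypto.privateDecrypt({ key: server.privateKey, ...OAEP }, req.c1);
  const r1 = plain.subarray(0, 16);
  const mac = plain.subarray(16).toString();
  if (server.licenseDb.get(mac) !== req.publicKeyPem) throw new Error("terminal not licensed");
  const sessionKey = Buffer.concat([r1, crypto.randomBytes(16)]);
  const c2 = crypto.publicEncrypt({ key: req.publicKeyPem, ...OAEP }, sessionKey);
  return { c2, sessionKey }; // sessionKey stays on the server; only c2 is sent
}

// Terminal: decrypt, confirm R1 came back, then send
// third ciphertext = Enc_sessionKey(random number || first string).
function terminalConfirm(terminal, c2) {
  const sessionKey = crypto.privateDecrypt({ key: terminal.privateKey, ...OAEP }, c2);
  if (sessionKey.length !== 32 ||
      !crypto.timingSafeEqual(sessionKey.subarray(0, 16), terminal.r1)) {
    throw new Error("response does not contain R1");
  }
  terminal.sessionKey = sessionKey;
  return aeadEncrypt(sessionKey, Buffer.concat([crypto.randomBytes(8), FIRST_STRING]));
}

// Server: negotiation succeeds only if the decrypted result contains the first string.
function serverVerify(sessionKey, c3) {
  try {
    return aeadDecrypt(sessionKey, c3).includes(FIRST_STRING);
  } catch {
    return false; // wrong key or modified ciphertext
  }
}

function makeParty(mac) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const publicKeyPem = publicKey.export({ type: "spki", format: "pem" });
  return { mac, publicKey, privateKey, publicKeyPem };
}

// Runs the whole exchange; true when the server accepts the confirmation and
// both sides hold the same session key. Throws if either side rejects the peer.
function negotiate(terminal, server) {
  const req = terminalRequest(terminal, server.publicKey);
  const { c2, sessionKey } = serverRespond(server, req);
  const c3 = terminalConfirm(terminal, c2);
  return serverVerify(sessionKey, c3) && sessionKey.equals(terminal.sessionKey);
}

// Constructed sample data: one licensed terminal and one unknown terminal.
const server = makeParty(null);
const licensed = makeParty("AA:BB:CC:DD:EE:01");
const unknown = makeParty("AA:BB:CC:DD:EE:02");
server.licenseDb = new Map([[licensed.mac, licensed.publicKeyPem]]);
```

An authenticated mode (GCM) is used for the third ciphertext so that a modified message fails during decryption instead of yielding a plaintext that is then searched for the first character string.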
In the description of this specification, a description referring to the terms "one embodiment", "some embodiments", "example", "specific example", "some examples" and the like means that a specific feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the present application. In this specification, schematic uses of these terms do not necessarily refer to the same embodiment or example. Furthermore, the specific features, structures, materials or characteristics described may be combined in a suitable manner in any one or more embodiments or examples. In addition, provided they do not contradict each other, those skilled in the art may combine the different embodiments or examples described in this specification and the features of those embodiments or examples.
Although embodiments of the present application have been shown and described above, it can be understood that the above embodiments are exemplary and are not to be construed as limiting the present application; those of ordinary skill in the art may make changes, modifications, substitutions and variations to the above embodiments within the scope of the present application.
Claims (14)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2016/104113 WO2018076365A1 (en) | 2016-10-31 | 2016-10-31 | Key negotiation method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2018076365A1 true WO2018076365A1 (en) | 2018-05-03 |
Family
ID=62023049
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2018076365A1 (en) |
Cited By (124)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109376021A (en) * | 2018-09-26 | 2019-02-22 | 深圳壹账通智能科技有限公司 | The response method and server that interface calls |
CN109379176A (en) * | 2018-12-10 | 2019-02-22 | 湖北工业大学 | An Authentication and Key Agreement Method Against Password Disclosure |
CN110011958A (en) * | 2018-12-13 | 2019-07-12 | 平安科技(深圳)有限公司 | Information ciphering method, device, computer equipment and storage medium |
CN110224816A (en) * | 2019-05-15 | 2019-09-10 | 如般量子科技有限公司 | Anti- quantum calculation application system and short distance energy-saving communication method and computer equipment based on key card and sequence number |
CN110266485A (en) * | 2019-06-28 | 2019-09-20 | 宁波奥克斯电气股份有限公司 | A NB-IoT-based secure communication control method for the Internet of Things |
CN110378753A (en) * | 2019-07-29 | 2019-10-25 | 秒针信息技术有限公司 | A kind of advertisement serving policy determines method and device |
CN110796443A (en) * | 2019-10-28 | 2020-02-14 | 飞天诚信科技股份有限公司 | Method and terminal for constructing magnetic track data |
CN110830243A (en) * | 2019-10-18 | 2020-02-21 | 中国第一汽车股份有限公司 | Symmetric key distribution method, device, vehicle and storage medium |
CN110868294A (en) * | 2019-12-09 | 2020-03-06 | 北京智宝云科科技有限公司 | Key updating method, device and equipment |
CN110912872A (en) * | 2019-11-04 | 2020-03-24 | 国网思极神往位置服务(北京)有限公司 | New energy power plant dispatching data acquisition system based on Beidou electric power application |
CN111031352A (en) * | 2019-12-02 | 2020-04-17 | 北京奇艺世纪科技有限公司 | Audio and video encryption method, security processing method, device and storage medium |
CN111065092A (en) * | 2019-12-30 | 2020-04-24 | 江苏全链通信息科技有限公司 | 5G communication information encryption and decryption method, equipment and storage medium |
CN111082935A (en) * | 2019-12-31 | 2020-04-28 | 江苏芯盛智能科技有限公司 | Media key generation method and device and terminal based on media key |
CN111127014A (en) * | 2019-12-25 | 2020-05-08 | 中国银联股份有限公司 | Transaction information processing method, server, user terminal, system and storage medium |
CN111130750A (en) * | 2018-10-30 | 2020-05-08 | 长城汽车股份有限公司 | Vehicle CAN safety communication method and system |
CN111177739A (en) * | 2019-10-28 | 2020-05-19 | 腾讯云计算(北京)有限责任公司 | Data processing method, information interaction system and computer storage medium |
CN111385793A (en) * | 2018-12-30 | 2020-07-07 | 上海银基信息安全技术股份有限公司 | Instruction sending method, instruction sending system, electronic equipment and storage medium |
CN111405082A (en) * | 2020-03-23 | 2020-07-10 | Oppo(重庆)智能科技有限公司 | Device connection method, electronic device, terminal and storage medium |
CN111404952A (en) * | 2020-03-24 | 2020-07-10 | 中国南方电网有限责任公司 | Transformer substation data encryption transmission method and device, computer equipment and storage medium |
CN111416718A (en) * | 2020-03-13 | 2020-07-14 | 浙江华消科技有限公司 | Method and device for receiving communication key, method and device for sending communication key |
CN111431717A (en) * | 2020-03-31 | 2020-07-17 | 兴唐通信科技有限公司 | Encryption method for satellite mobile communication system |
CN111526160A (en) * | 2020-05-26 | 2020-08-11 | 中国联合网络通信集团有限公司 | Confidential information processing method and server |
CN111586070A (en) * | 2020-05-15 | 2020-08-25 | 北京中油瑞飞信息技术有限责任公司 | Three-phase metering device communication method and device, three-phase metering device and storage medium |
CN111586055A (en) * | 2020-05-09 | 2020-08-25 | 天合光能股份有限公司 | Method for realizing communication safety of energy storage system based on DES random token |
CN111600854A (en) * | 2020-04-29 | 2020-08-28 | 北京智芯微电子科技有限公司 | Method for establishing security channel between intelligent terminal and server |
CN111614637A (en) * | 2020-05-08 | 2020-09-01 | 郑州信大捷安信息技术股份有限公司 | Secure communication method and system based on software cryptographic module |
CN111698225A (en) * | 2020-05-28 | 2020-09-22 | 国家电网有限公司 | Application service authentication encryption method suitable for power dispatching control system |
CN111723384A (en) * | 2019-03-22 | 2020-09-29 | 阿里巴巴集团控股有限公司 | Data processing method, system and equipment |
CN111740985A (en) * | 2020-06-19 | 2020-10-02 | 国动物联网有限公司 | TCP long connection security verification encryption method |
CN111786778A (en) * | 2020-06-12 | 2020-10-16 | 视联动力信息技术股份有限公司 | A method and device for key update |
CN112052018A (en) * | 2020-09-09 | 2020-12-08 | 北京文香信息技术有限公司 | Application program installation method and device |
CN112087419A (en) * | 2020-07-25 | 2020-12-15 | 北京蜂云科创信息技术有限公司 | Vehicle-mounted terminal data transmission safety protection method and device |
CN112118210A (en) * | 2019-06-20 | 2020-12-22 | 阿里巴巴集团控股有限公司 | Authentication key configuration method, device, system and storage medium |
CN112134694A (en) * | 2020-08-11 | 2020-12-25 | 北京智芯微电子科技有限公司 | Data interaction method, master station, terminal and computer readable storage medium |
CN112149140A (en) * | 2019-06-28 | 2020-12-29 | 北京百度网讯科技有限公司 | Prediction method, device, equipment and storage medium |
CN112152963A (en) * | 2019-06-26 | 2020-12-29 | 国民技术股份有限公司 | Intelligent lock, security platform and authentication method thereof |
CN112311533A (en) * | 2019-07-29 | 2021-02-02 | 中国电信股份有限公司 | Terminal identity authentication method, system and storage medium |
CN112332940A (en) * | 2020-11-06 | 2021-02-05 | 北京东土科技股份有限公司 | Data transmission method based on time synchronization network and related equipment |
CN112422275A (en) * | 2020-10-26 | 2021-02-26 | 深圳Tcl新技术有限公司 | Key agreement method, system, device and computer storage medium in UART communication |
CN112436936A (en) * | 2020-11-11 | 2021-03-02 | 安徽量安通信息科技有限公司 | Cloud storage method and system with quantum encryption function |
CN112448808A (en) * | 2019-08-29 | 2021-03-05 | 斑马智行网络(香港)有限公司 | Communication method, device, access point, server, system and storage medium |
CN112487380A (en) * | 2020-12-16 | 2021-03-12 | 江苏国科微电子有限公司 | Data interaction method, device, equipment and medium |
CN112511295A (en) * | 2020-11-12 | 2021-03-16 | 银联商务股份有限公司 | Authentication method and device for interface calling, micro-service application and key management center |
CN112533213A (en) * | 2019-09-17 | 2021-03-19 | 中移(苏州)软件技术有限公司 | Key negotiation method, device, terminal and storage medium |
CN112612976A (en) * | 2020-12-18 | 2021-04-06 | 深圳前海微众银行股份有限公司 | Data processing method, device, equipment and storage medium |
CN112822016A (en) * | 2021-01-25 | 2021-05-18 | 厦门市易联众易惠科技有限公司 | Method for performing data authorization on blockchain and blockchain network |
CN112839062A (en) * | 2021-04-20 | 2021-05-25 | 北京天维信通科技有限公司 | Port hiding method, device and equipment with mixed authentication signals |
CN112929166A (en) * | 2021-02-03 | 2021-06-08 | 中国人民解放军火箭军工程大学 | Master station, slave station and data transmission system based on Modbus-TCP protocol |
CN112948867A (en) * | 2021-03-29 | 2021-06-11 | 建信金融科技有限责任公司 | Method and device for generating and decrypting encrypted message and electronic equipment |
CN112995120A (en) * | 2019-12-18 | 2021-06-18 | 北京国双科技有限公司 | Data monitoring method and device |
CN113014376A (en) * | 2019-12-21 | 2021-06-22 | 浙江宇视科技有限公司 | Method for safety authentication between user and server |
CN113010293A (en) * | 2021-03-19 | 2021-06-22 | 广州万协通信息技术有限公司 | Multithreading concurrent data encryption and decryption processing method and device and storage medium |
CN113055340A (en) * | 2019-12-26 | 2021-06-29 | 华为技术有限公司 | Authentication method and device |
CN113099443A (en) * | 2019-12-23 | 2021-07-09 | 阿里巴巴集团控股有限公司 | Equipment authentication method, device, equipment and system |
CN113141333A (en) * | 2020-01-18 | 2021-07-20 | 佛山市云米电器科技有限公司 | Communication method, device, server, system and storage medium for network access device |
CN113194465A (en) * | 2021-04-20 | 2021-07-30 | 歌尔股份有限公司 | BLE connection verification method and device between terminals and readable storage medium |
CN113207121A (en) * | 2021-03-31 | 2021-08-03 | 中国电力科学研究院有限公司 | Key management method and system for intelligent power distribution network communication system |
CN113254957A (en) * | 2019-11-26 | 2021-08-13 | 支付宝(杭州)信息技术有限公司 | Data query method, device, equipment and system based on privacy information protection |
CN113395406A (en) * | 2021-06-23 | 2021-09-14 | 中国电力科学研究院有限公司 | Encryption authentication method and system based on power equipment fingerprints |
CN113422683A (en) * | 2021-03-04 | 2021-09-21 | 上海数道信息科技有限公司 | Edge cloud cooperative data transmission method, system, storage medium and terminal |
CN113572743A (en) * | 2021-07-02 | 2021-10-29 | 深圳追一科技有限公司 | Data encryption and decryption method and device, computer equipment and storage medium |
CN113591113A (en) * | 2021-07-29 | 2021-11-02 | 华控清交信息科技(北京)有限公司 | Privacy calculation method, device and system and electronic equipment |
CN113613227A (en) * | 2021-08-09 | 2021-11-05 | 青岛海尔科技有限公司 | Data transmission method and device of Bluetooth equipment, storage medium and electronic device |
CN113674456A (en) * | 2021-08-19 | 2021-11-19 | 中国建设银行股份有限公司 | Unlocking method, unlocking device, electronic equipment and storage medium |
CN113676478A (en) * | 2021-08-20 | 2021-11-19 | 北京奇艺世纪科技有限公司 | Data processing method and related equipment |
CN113691958A (en) * | 2021-09-02 | 2021-11-23 | 北卡科技有限公司 | SM 9-based V2X identity authentication method |
CN113852459A (en) * | 2021-08-13 | 2021-12-28 | 中央财经大学 | Key agreement method, device and computer readable storage medium |
CN113902069A (en) * | 2021-09-18 | 2022-01-07 | 瀚辰科技有限公司 | Homing pigeon foot ring based on NFC antenna and identification method thereof |
CN114022259A (en) * | 2021-11-11 | 2022-02-08 | 陕西华春网络科技股份有限公司 | Bidding method and device based on public key designation and identity verification |
CN114051031A (en) * | 2021-11-16 | 2022-02-15 | 中国电信股份有限公司 | Encryption communication method, system, equipment and storage medium based on distributed identity |
WO2022037379A1 (en) * | 2020-08-20 | 2022-02-24 | 飞天诚信科技股份有限公司 | Electronic device and method therefor for protecting seed data packet |
CN114095256A (en) * | 2021-11-23 | 2022-02-25 | 广州市诺的电子有限公司 | Terminal authentication method, system, equipment and storage medium based on edge calculation |
CN114139180A (en) * | 2021-11-29 | 2022-03-04 | 厦门熵基科技有限公司 | Method and device for processing secret key |
CN114142995A (en) * | 2021-11-05 | 2022-03-04 | 支付宝(杭州)信息技术有限公司 | Key secure distribution method and device for block chain relay communication network |
CN114172745A (en) * | 2022-01-19 | 2022-03-11 | 中电华瑞技术有限公司 | Internet of things security protocol system |
CN114205083A (en) * | 2021-12-22 | 2022-03-18 | 中国电信股份有限公司 | SRv 6-based security authentication method, network node and authentication system |
CN114221784A (en) * | 2021-11-12 | 2022-03-22 | 招银云创信息技术有限公司 | Data transmission method and computer equipment |
CN114244513A (en) * | 2021-12-31 | 2022-03-25 | 日晷科技(上海)有限公司 | Key agreement method, device and storage medium |
CN114244630A (en) * | 2022-02-15 | 2022-03-25 | 北京指掌易科技有限公司 | Communication method, device, equipment and storage medium |
CN114297618A (en) * | 2021-12-28 | 2022-04-08 | 北京深思数盾科技股份有限公司 | Authorization code generation method, identity authentication method, terminal, server and medium |
CN114338184A (en) * | 2021-12-29 | 2022-04-12 | 中国电信股份有限公司 | Communication encryption method, device, nonvolatile storage medium and processor |
CN114363088A (en) * | 2022-02-18 | 2022-04-15 | 京东科技信息技术有限公司 | Method and device for requesting data |
CN114362946A (en) * | 2022-03-10 | 2022-04-15 | 北京得瑞领新科技有限公司 | Key agreement method and system |
CN114389804A (en) * | 2021-12-30 | 2022-04-22 | 中国电信股份有限公司 | Intelligent terminal control method and device, electronic equipment and storage medium |
CN114398602A (en) * | 2022-01-11 | 2022-04-26 | 国家计算机网络与信息安全管理中心 | Internet of things terminal identity authentication method based on edge calculation |
CN114419765A (en) * | 2022-01-18 | 2022-04-29 | 上汽通用五菱汽车股份有限公司 | Method and device for realizing vehicle safety control by NFC card and readable storage medium |
CN114422251A (en) * | 2022-01-21 | 2022-04-29 | 晋商博创(北京)科技有限公司 | Cloud-based multi-factor password processing method, device and storage medium |
CN114448613A (en) * | 2021-12-21 | 2022-05-06 | 北京邮电大学 | Physical layer key generation method and device of communication system and electronic equipment |
CN114650175A (en) * | 2022-03-21 | 2022-06-21 | 网宿科技股份有限公司 | A verification method and device |
CN114662087A (en) * | 2022-05-20 | 2022-06-24 | 广州万协通信息技术有限公司 | Multi-terminal verification security chip firmware updating method and device |
CN114697956A (en) * | 2022-01-26 | 2022-07-01 | 深圳市三诺数字科技有限公司 | Secure communication method based on double links and related equipment thereof |
CN114697000A (en) * | 2020-12-28 | 2022-07-01 | 深圳Tcl新技术有限公司 | Network distribution method, device, terminal and computer readable storage medium |
CN114756887A (en) * | 2021-01-08 | 2022-07-15 | 普天信息技术有限公司 | Method and device for encrypting and storing sensitive information block in file |
CN114817956A (en) * | 2022-04-19 | 2022-07-29 | 珠海全志科技股份有限公司 | USB communication object verification method, system, device and storage medium |
CN114884659A (en) * | 2022-07-08 | 2022-08-09 | 北京智芯微电子科技有限公司 | Key agreement method, gateway, terminal device and storage medium |
CN114900348A (en) * | 2022-04-28 | 2022-08-12 | 福建福链科技有限公司 | Block chain sensor data verification method and terminal |
CN114915416A (en) * | 2022-04-20 | 2022-08-16 | 中金金融认证中心有限公司 | Method for encrypting file, method for verifying decryption and related products |
CN114978554A (en) * | 2022-07-29 | 2022-08-30 | 广州匠芯创科技有限公司 | Software authorization authentication system and method |
CN115037552A (en) * | 2022-06-29 | 2022-09-09 | 北京大甜绵白糖科技有限公司 | Authentication method, device, equipment and storage medium |
CN115102745A (en) * | 2022-06-16 | 2022-09-23 | 慧之安信息技术股份有限公司 | Internet of things terminal identity security authentication method based on lightweight |
CN115134177A (en) * | 2022-09-02 | 2022-09-30 | 国网瑞嘉(天津)智能机器人有限公司 | Networking encryption communication method and device, server equipment and terminal equipment |
CN115174195A (en) * | 2022-06-30 | 2022-10-11 | 中国第一汽车股份有限公司 | Database file processing method, encryption terminal and decryption terminal |
CN115250450A (en) * | 2021-04-28 | 2022-10-28 | 大唐移动通信设备有限公司 | Method and equipment for acquiring group communication key |
CN115314204A (en) * | 2022-10-11 | 2022-11-08 | 南京易科腾信息技术有限公司 | Random number generation method, device and storage medium |
CN115348066A (en) * | 2022-08-05 | 2022-11-15 | 昆仑数智科技有限责任公司 | Data encryption transmission method and device, electronic equipment and storage medium |
CN115348076A (en) * | 2022-08-12 | 2022-11-15 | 天翼数字生活科技有限公司 | Equipment security authentication method based on attribute encryption and related device thereof |
CN115426182A (en) * | 2022-09-01 | 2022-12-02 | 中国联合网络通信集团有限公司 | Information retrieval method, device and electronic equipment |
CN115499199A (en) * | 2022-09-14 | 2022-12-20 | 重庆长安汽车股份有限公司 | Vehicle safety communication method and device, vehicle and storage medium |
CN115577019A (en) * | 2022-12-07 | 2023-01-06 | 杭州恒生数字设备科技有限公司 | Spoken language testing method, device, equipment and storage medium |
CN115603940A (en) * | 2022-08-29 | 2023-01-13 | 湖南云箭智能科技有限公司(Cn) | Board card bidirectional network access authentication method and device and board card |
CN115668858A (en) * | 2020-05-29 | 2023-01-31 | 华为技术有限公司 | Key agreement method, device and system |
CN115834167A (en) * | 2022-11-14 | 2023-03-21 | 国网福建省电力有限公司龙岩供电公司 | Encryption transmission method and system for network data |
CN115913602A (en) * | 2022-03-22 | 2023-04-04 | 中国电力科学研究院有限公司 | A method and system for networking and interconnection communication of electric energy meters in a metering box |
CN115933993A (en) * | 2023-01-04 | 2023-04-07 | 山东省地质矿产勘查开发局八〇一水文地质工程地质大队(山东省地矿工程勘察院) | System and method for evaluating antifouling function of karst fracture network type aqueous medium |
CN115941183A (en) * | 2023-02-27 | 2023-04-07 | 紫光同芯微电子有限公司 | Biological information processing method and related device |
CN116032577A (en) * | 2022-12-19 | 2023-04-28 | 北京成鑫盈通科技有限公司 | System, method, medium and terminal for realizing end-to-end data security transmission of terminal equipment |
CN116055207A (en) * | 2023-01-31 | 2023-05-02 | 深圳市圣驼储能技术有限公司 | Encryption method and system for communication data of Internet of things |
CN116208949A (en) * | 2023-05-05 | 2023-06-02 | 北京智芯微电子科技有限公司 | Encryption transmission method and system for communication message, sending terminal and receiving terminal |
CN117118756A (en) * | 2023-10-23 | 2023-11-24 | 中关村芯海择优科技有限公司 | Data interaction method, device, computer equipment and computer readable storage medium |
CN117176479A (en) * | 2023-11-02 | 2023-12-05 | 北京安博通科技股份有限公司 | A method, device and electronic equipment for bypass decryption of state secret traffic audit |
WO2024027070A1 (en) * | 2022-08-03 | 2024-02-08 | 中国电力科学研究院有限公司 | Terminal device authentication method and system based on identification public key, and computer-readable storage medium |
CN117744038A (en) * | 2023-12-24 | 2024-03-22 | 中信出版集团股份有限公司 | Copyright protection system and method for digital content |
CN118101298A (en) * | 2024-03-14 | 2024-05-28 | 北京数软科技有限公司 | Data encryption transmission method, device, computer equipment, medium and program product |
TWI871236B (en) * | 2024-05-15 | 2025-01-21 | 中華電信股份有限公司 | Key negotiation system and method based on post-quantum cryptography |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060095771A1 (en) * | 2004-11-02 | 2006-05-04 | Guido Appenzeller | Security device for cryptographic communications |
CN101771535A (en) * | 2008-12-30 | 2010-07-07 | 上海茂碧信息科技有限公司 | Mutual authentication method between terminal and server |
CN105656941A (en) * | 2016-03-14 | 2016-06-08 | 美的集团股份有限公司 | Identity authentication device and method |
CN105871920A (en) * | 2016-06-08 | 2016-08-17 | 美的集团股份有限公司 | Communication system and method of terminal and cloud server as well as terminal and cloud server |
CN105959189A (en) * | 2016-06-08 | 2016-09-21 | 美的集团股份有限公司 | Home appliance equipment, communication system and method of cloud server and terminal, and terminal |
- 2016-10-31 WO PCT/CN2016/104113 patent/WO2018076365A1/en active Application Filing
Cited By (196)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109376021A (en) * | 2018-09-26 | 2019-02-22 | 深圳壹账通智能科技有限公司 | The response method and server that interface calls |
CN111130750B (en) * | 2018-10-30 | 2023-09-12 | 长城汽车股份有限公司 | Vehicle CAN (controller area network) safety communication method and system |
CN111130750A (en) * | 2018-10-30 | 2020-05-08 | 长城汽车股份有限公司 | Vehicle CAN safety communication method and system |
CN109379176A (en) * | 2018-12-10 | 2019-02-22 | 湖北工业大学 | An Authentication and Key Agreement Method Against Password Disclosure |
CN109379176B (en) * | 2018-12-10 | 2021-12-03 | 湖北工业大学 | Password leakage resistant authentication and key agreement method |
CN110011958A (en) * | 2018-12-13 | 2019-07-12 | 平安科技(深圳)有限公司 | Information ciphering method, device, computer equipment and storage medium |
CN110011958B (en) * | 2018-12-13 | 2023-04-07 | 平安科技(深圳)有限公司 | Information encryption method and device, computer equipment and storage medium |
CN111385793A (en) * | 2018-12-30 | 2020-07-07 | 上海银基信息安全技术股份有限公司 | Instruction sending method, instruction sending system, electronic equipment and storage medium |
CN111723384A (en) * | 2019-03-22 | 2020-09-29 | 阿里巴巴集团控股有限公司 | Data processing method, system and equipment |
CN111723384B (en) * | 2019-03-22 | 2024-04-02 | 阿里巴巴集团控股有限公司 | Data processing method, system and equipment |
CN110224816B (en) * | 2019-05-15 | 2023-09-05 | 如般量子科技有限公司 | Anti-quantum computing application system based on key fob and serial number, near-field energy-saving communication method and computer equipment |
CN110224816A (en) * | 2019-05-15 | 2019-09-10 | 如般量子科技有限公司 | Anti- quantum calculation application system and short distance energy-saving communication method and computer equipment based on key card and sequence number |
CN112118210A (en) * | 2019-06-20 | 2020-12-22 | 阿里巴巴集团控股有限公司 | Authentication key configuration method, device, system and storage medium |
CN112118210B (en) * | 2019-06-20 | 2023-09-01 | 阿里巴巴集团控股有限公司 | Authentication key configuration method, device, system and storage medium |
CN112152963B (en) * | 2019-06-26 | 2024-04-09 | 国民技术股份有限公司 | A smart lock, security platform and authentication method thereof |
CN112152963A (en) * | 2019-06-26 | 2020-12-29 | 国民技术股份有限公司 | Intelligent lock, security platform and authentication method thereof |
CN110266485B (en) * | 2019-06-28 | 2022-06-24 | 宁波奥克斯电气股份有限公司 | A secure communication control method for the Internet of Things based on NB-IoT |
CN112149140B (en) * | 2019-06-28 | 2023-06-27 | 北京百度网讯科技有限公司 | Prediction method, prediction device, prediction equipment and storage medium |
CN112149140A (en) * | 2019-06-28 | 2020-12-29 | 北京百度网讯科技有限公司 | Prediction method, device, equipment and storage medium |
CN110266485A (en) * | 2019-06-28 | 2019-09-20 | 宁波奥克斯电气股份有限公司 | A NB-IoT-based secure communication control method for the Internet of Things |
CN110378753B (en) * | 2019-07-29 | 2022-05-17 | 秒针信息技术有限公司 | Advertisement putting strategy determination method and device |
CN112311533A (en) * | 2019-07-29 | 2021-02-02 | 中国电信股份有限公司 | Terminal identity authentication method, system and storage medium |
CN110378753A (en) * | 2019-07-29 | 2019-10-25 | 秒针信息技术有限公司 | A kind of advertisement serving policy determines method and device |
CN112448808A (en) * | 2019-08-29 | 2021-03-05 | 斑马智行网络(香港)有限公司 | Communication method, device, access point, server, system and storage medium |
CN112533213B (en) * | 2019-09-17 | 2022-06-10 | 中移(苏州)软件技术有限公司 | A key agreement method, device, terminal and storage medium |
CN112533213A (en) * | 2019-09-17 | 2021-03-19 | 中移(苏州)软件技术有限公司 | Key negotiation method, device, terminal and storage medium |
CN110830243A (en) * | 2019-10-18 | 2020-02-21 | 中国第一汽车股份有限公司 | Symmetric key distribution method, device, vehicle and storage medium |
CN110830243B (en) * | 2019-10-18 | 2023-06-09 | 中国第一汽车股份有限公司 | Symmetric key distribution method, device, vehicle and storage medium |
CN110796443A (en) * | 2019-10-28 | 2020-02-14 | 飞天诚信科技股份有限公司 | Method and terminal for constructing magnetic track data |
CN110796443B (en) * | 2019-10-28 | 2023-09-19 | 飞天诚信科技股份有限公司 | Method and terminal for constructing track data |
CN111177739B (en) * | 2019-10-28 | 2023-11-03 | 腾讯云计算(北京)有限责任公司 | Data processing method, information interaction system and computer storage medium |
CN111177739A (en) * | 2019-10-28 | 2020-05-19 | 腾讯云计算(北京)有限责任公司 | Data processing method, information interaction system and computer storage medium |
CN110912872A (en) * | 2019-11-04 | 2020-03-24 | 国网思极神往位置服务(北京)有限公司 | New energy power plant dispatching data acquisition system based on Beidou electric power application |
CN113254957A (en) * | 2019-11-26 | 2021-08-13 | 支付宝(杭州)信息技术有限公司 | Data query method, device, equipment and system based on privacy information protection |
CN113254957B (en) * | 2019-11-26 | 2022-04-08 | 支付宝(杭州)信息技术有限公司 | Data query method, device, equipment and system based on privacy information protection |
CN111031352A (en) * | 2019-12-02 | 2020-04-17 | 北京奇艺世纪科技有限公司 | Audio and video encryption method, security processing method, device and storage medium |
CN111031352B (en) * | 2019-12-02 | 2022-10-18 | 北京奇艺世纪科技有限公司 | Audio and video encryption method, security processing method, device and storage medium |
CN110868294A (en) * | 2019-12-09 | 2020-03-06 | 北京智宝云科科技有限公司 | Key updating method, device and equipment |
CN110868294B (en) * | 2019-12-09 | 2023-03-24 | 北京智宝云科科技有限公司 | Key updating method, device and equipment |
CN112995120A (en) * | 2019-12-18 | 2021-06-18 | 北京国双科技有限公司 | Data monitoring method and device |
CN113014376B (en) * | 2019-12-21 | 2022-06-14 | 浙江宇视科技有限公司 | Method for safety authentication between user and server |
CN113014376A (en) * | 2019-12-21 | 2021-06-22 | 浙江宇视科技有限公司 | Method for safety authentication between user and server |
CN113099443A (en) * | 2019-12-23 | 2021-07-09 | 阿里巴巴集团控股有限公司 | Equipment authentication method, device, equipment and system |
CN113099443B (en) * | 2019-12-23 | 2024-05-17 | 阿里巴巴集团控股有限公司 | Equipment authentication method, device, equipment and system |
CN111127014B (en) * | 2019-12-25 | 2023-09-19 | 中国银联股份有限公司 | Transaction information processing method, server, user terminal, system and storage medium |
CN111127014A (en) * | 2019-12-25 | 2020-05-08 | 中国银联股份有限公司 | Transaction information processing method, server, user terminal, system and storage medium |
CN113055340A (en) * | 2019-12-26 | 2021-06-29 | 华为技术有限公司 | Authentication method and device |
CN113055340B (en) * | 2019-12-26 | 2023-09-26 | 华为技术有限公司 | Authentication method and equipment |
CN111065092A (en) * | 2019-12-30 | 2020-04-24 | 江苏全链通信息科技有限公司 | 5G communication information encryption and decryption method, equipment and storage medium |
CN111082935A (en) * | 2019-12-31 | 2020-04-28 | 江苏芯盛智能科技有限公司 | Media key generation method and device and terminal based on media key |
CN111082935B (en) * | 2019-12-31 | 2022-07-12 | 江苏芯盛智能科技有限公司 | Media key generation method and device and terminal based on media key |
CN113141333A (en) * | 2020-01-18 | 2021-07-20 | 佛山市云米电器科技有限公司 | Communication method, device, server, system and storage medium for network access device |
CN111416718A (en) * | 2020-03-13 | 2020-07-14 | 浙江华消科技有限公司 | Method and device for receiving communication key, method and device for sending communication key |
CN111405082A (en) * | 2020-03-23 | 2020-07-10 | Oppo(重庆)智能科技有限公司 | Device connection method, electronic device, terminal and storage medium |
CN111404952B (en) * | 2020-03-24 | 2022-06-14 | 中国南方电网有限责任公司 | Transformer substation data encryption transmission method and device, computer equipment and storage medium |
CN111404952A (en) * | 2020-03-24 | 2020-07-10 | 中国南方电网有限责任公司 | Transformer substation data encryption transmission method and device, computer equipment and storage medium |
CN111431717A (en) * | 2020-03-31 | 2020-07-17 | 兴唐通信科技有限公司 | Encryption method for satellite mobile communication system |
CN111600854B (en) * | 2020-04-29 | 2022-03-08 | 北京智芯微电子科技有限公司 | Method for establishing security channel between intelligent terminal and server |
CN111600854A (en) * | 2020-04-29 | 2020-08-28 | 北京智芯微电子科技有限公司 | Method for establishing security channel between intelligent terminal and server |
CN111614637A (en) * | 2020-05-08 | 2020-09-01 | 郑州信大捷安信息技术股份有限公司 | Secure communication method and system based on software cryptographic module |
CN111586055A (en) * | 2020-05-09 | 2020-08-25 | 天合光能股份有限公司 | Method for realizing communication safety of energy storage system based on DES random token |
CN111586070A (en) * | 2020-05-15 | 2020-08-25 | 北京中油瑞飞信息技术有限责任公司 | Three-phase metering device communication method and device, three-phase metering device and storage medium |
CN111526160A (en) * | 2020-05-26 | 2020-08-11 | 中国联合网络通信集团有限公司 | Confidential information processing method and server |
CN111698225A (en) * | 2020-05-28 | 2020-09-22 | 国家电网有限公司 | Application service authentication encryption method suitable for power dispatching control system |
CN115668858A (en) * | 2020-05-29 | 2023-01-31 | 华为技术有限公司 | Key agreement method, device and system |
CN111786778A (en) * | 2020-06-12 | 2020-10-16 | 视联动力信息技术股份有限公司 | A method and device for key update |
CN111740985A (en) * | 2020-06-19 | 2020-10-02 | 国动物联网有限公司 | TCP long connection security verification encryption method |
CN112087419B (en) * | 2020-07-25 | 2022-07-29 | 北京蜂云科创信息技术有限公司 | Vehicle-mounted terminal data transmission safety protection method and device |
CN112087419A (en) * | 2020-07-25 | 2020-12-15 | 北京蜂云科创信息技术有限公司 | Vehicle-mounted terminal data transmission safety protection method and device |
CN112134694B (en) * | 2020-08-11 | 2024-01-23 | 北京智芯微电子科技有限公司 | Data interaction method, master station, terminal and computer readable storage medium |
CN112134694A (en) * | 2020-08-11 | 2020-12-25 | 北京智芯微电子科技有限公司 | Data interaction method, master station, terminal and computer readable storage medium |
WO2022037379A1 (en) * | 2020-08-20 | 2022-02-24 | 飞天诚信科技股份有限公司 | Electronic device and method therefor for protecting seed data packet |
CN112052018A (en) * | 2020-09-09 | 2020-12-08 | 北京文香信息技术有限公司 | Application program installation method and device |
CN112052018B (en) * | 2020-09-09 | 2024-02-20 | 安徽文香科技股份有限公司 | Application program installation method and device |
CN112422275A (en) * | 2020-10-26 | 2021-02-26 | 深圳Tcl新技术有限公司 | Key agreement method, system, device and computer storage medium in UART communication |
CN112332940B (en) * | 2020-11-06 | 2024-03-12 | 北京东土科技股份有限公司 | Data transmission method based on time synchronization network and related equipment |
CN112332940A (en) * | 2020-11-06 | 2021-02-05 | 北京东土科技股份有限公司 | Data transmission method based on time synchronization network and related equipment |
CN112436936A (en) * | 2020-11-11 | 2021-03-02 | 安徽量安通信息科技有限公司 | Cloud storage method and system with quantum encryption function |
CN112436936B (en) * | 2020-11-11 | 2022-11-01 | 安徽量安通信息科技有限公司 | Cloud storage method and system with quantum encryption function |
CN112511295A (en) * | 2020-11-12 | 2021-03-16 | 银联商务股份有限公司 | Authentication method and device for interface calling, micro-service application and key management center |
CN112511295B (en) * | 2020-11-12 | 2022-11-22 | 银联商务股份有限公司 | Authentication method and device for interface calling, micro-service application and key management center |
CN112487380B (en) * | 2020-12-16 | 2024-04-05 | 江苏国科微电子有限公司 | Data interaction method, device, equipment and medium |
CN112487380A (en) * | 2020-12-16 | 2021-03-12 | 江苏国科微电子有限公司 | Data interaction method, device, equipment and medium |
CN112612976A (en) * | 2020-12-18 | 2021-04-06 | 深圳前海微众银行股份有限公司 | Data processing method, device, equipment and storage medium |
CN114697000A (en) * | 2020-12-28 | 2022-07-01 | 深圳Tcl新技术有限公司 | Network distribution method, device, terminal and computer readable storage medium |
CN114756887A (en) * | 2021-01-08 | 2022-07-15 | 普天信息技术有限公司 | Method and device for encrypting and storing sensitive information block in file |
CN112822016B (en) * | 2021-01-25 | 2023-04-28 | 厦门市易联众易惠科技有限公司 | Method for data authorization on block chain and block chain network |
CN112822016A (en) * | 2021-01-25 | 2021-05-18 | 厦门市易联众易惠科技有限公司 | Method for performing data authorization on blockchain and blockchain network |
CN112929166A (en) * | 2021-02-03 | 2021-06-08 | 中国人民解放军火箭军工程大学 | Master station, slave station and data transmission system based on Modbus-TCP protocol |
CN112929166B (en) * | 2021-02-03 | 2022-10-04 | 中国人民解放军火箭军工程大学 | A master station, slave station and data transmission system based on Modbus-TCP protocol |
CN113422683A (en) * | 2021-03-04 | 2021-09-21 | 上海数道信息科技有限公司 | Edge cloud cooperative data transmission method, system, storage medium and terminal |
CN113010293A (en) * | 2021-03-19 | 2021-06-22 | 广州万协通信息技术有限公司 | Multithreading concurrent data encryption and decryption processing method and device and storage medium |
CN113010293B (en) * | 2021-03-19 | 2023-08-22 | 广州万协通信息技术有限公司 | Multithread concurrent data encryption and decryption processing method, device and storage medium |
CN112948867A (en) * | 2021-03-29 | 2021-06-11 | 建信金融科技有限责任公司 | Method and device for generating and decrypting encrypted message and electronic equipment |
CN113207121A (en) * | 2021-03-31 | 2021-08-03 | 中国电力科学研究院有限公司 | Key management method and system for intelligent power distribution network communication system |
CN113194465A (en) * | 2021-04-20 | 2021-07-30 | 歌尔股份有限公司 | BLE connection verification method and device between terminals and readable storage medium |
CN112839062A (en) * | 2021-04-20 | 2021-05-25 | 北京天维信通科技有限公司 | Port hiding method, device and equipment with mixed authentication signals |
CN113194465B (en) * | 2021-04-20 | 2023-11-24 | 歌尔股份有限公司 | BLE connection verification method and device between terminals and readable storage medium |
CN115250450A (en) * | 2021-04-28 | 2022-10-28 | 大唐移动通信设备有限公司 | Method and equipment for acquiring group communication key |
CN113395406B (en) * | 2021-06-23 | 2024-02-13 | 中国电力科学研究院有限公司 | An encryption authentication method and system based on power equipment fingerprints |
CN113395406A (en) * | 2021-06-23 | 2021-09-14 | 中国电力科学研究院有限公司 | Encryption authentication method and system based on power equipment fingerprints |
CN113572743A (en) * | 2021-07-02 | 2021-10-29 | 深圳追一科技有限公司 | Data encryption and decryption method and device, computer equipment and storage medium |
CN113572743B (en) * | 2021-07-02 | 2023-07-28 | 深圳追一科技有限公司 | Data encryption and decryption methods and devices, computer equipment and storage medium |
CN113591113B (en) * | 2021-07-29 | 2024-04-05 | 华控清交信息科技(北京)有限公司 | Privacy calculation method, device and system and electronic equipment |
CN113591113A (en) * | 2021-07-29 | 2021-11-02 | 华控清交信息科技(北京)有限公司 | Privacy calculation method, device and system and electronic equipment |
CN113613227B (en) * | 2021-08-09 | 2023-10-24 | 青岛海尔科技有限公司 | Data transmission method and device of Bluetooth equipment, storage medium and electronic device |
CN113613227A (en) * | 2021-08-09 | 2021-11-05 | 青岛海尔科技有限公司 | Data transmission method and device of Bluetooth equipment, storage medium and electronic device |
CN113852459A (en) * | 2021-08-13 | 2021-12-28 | 中央财经大学 | Key agreement method, device and computer readable storage medium |
CN113852459B (en) * | 2021-08-13 | 2024-03-19 | 中央财经大学 | Key agreement method, device and computer readable storage medium |
CN113674456A (en) * | 2021-08-19 | 2021-11-19 | 中国建设银行股份有限公司 | Unlocking method, unlocking device, electronic equipment and storage medium |
CN113674456B (en) * | 2021-08-19 | 2023-09-22 | 中国建设银行股份有限公司 | Unlocking method, unlocking device, electronic equipment and storage medium |
CN113676478B (en) * | 2021-08-20 | 2023-09-12 | 北京奇艺世纪科技有限公司 | Data processing method and related equipment |
CN113676478A (en) * | 2021-08-20 | 2021-11-19 | 北京奇艺世纪科技有限公司 | Data processing method and related equipment |
CN113691958B (en) * | 2021-09-02 | 2023-06-09 | 北卡科技有限公司 | SM 9-based V2X identity authentication method |
CN113691958A (en) * | 2021-09-02 | 2021-11-23 | 北卡科技有限公司 | SM 9-based V2X identity authentication method |
CN113902069A (en) * | 2021-09-18 | 2022-01-07 | 瀚辰科技有限公司 | Homing pigeon foot ring based on NFC antenna and identification method thereof |
CN114142995B (en) * | 2021-11-05 | 2023-08-22 | 支付宝(杭州)信息技术有限公司 | Key security distribution method and device for block chain relay communication network |
CN114142995A (en) * | 2021-11-05 | 2022-03-04 | 支付宝(杭州)信息技术有限公司 | Key secure distribution method and device for block chain relay communication network |
CN114022259A (en) * | 2021-11-11 | 2022-02-08 | 陕西华春网络科技股份有限公司 | Bidding method and device based on public key designation and identity verification |
CN114022259B (en) * | 2021-11-11 | 2023-08-25 | 陕西华春网络科技股份有限公司 | Bidding method and device based on public key assignment and identity verification |
CN114221784A (en) * | 2021-11-12 | 2022-03-22 | 招银云创信息技术有限公司 | Data transmission method and computer equipment |
CN114221784B (en) * | 2021-11-12 | 2024-04-09 | 招银云创信息技术有限公司 | Data transmission method and computer equipment |
CN114051031B (en) * | 2021-11-16 | 2024-05-10 | 中国电信股份有限公司 | Encryption communication method, system, equipment and storage medium based on distributed identity |
CN114051031A (en) * | 2021-11-16 | 2022-02-15 | 中国电信股份有限公司 | Encryption communication method, system, equipment and storage medium based on distributed identity |
CN114095256B (en) * | 2021-11-23 | 2023-09-26 | 广州市诺的电子有限公司 | Terminal authentication method, system, equipment and storage medium based on edge calculation |
CN114095256A (en) * | 2021-11-23 | 2022-02-25 | 广州市诺的电子有限公司 | Terminal authentication method, system, equipment and storage medium based on edge calculation |
CN114139180A (en) * | 2021-11-29 | 2022-03-04 | 厦门熵基科技有限公司 | Method and device for processing secret key |
CN114448613B (en) * | 2021-12-21 | 2024-01-26 | 北京邮电大学 | Physical layer key generation method and device of communication system and electronic equipment |
CN114448613A (en) * | 2021-12-21 | 2022-05-06 | 北京邮电大学 | Physical layer key generation method and device of communication system and electronic equipment |
CN114205083A (en) * | 2021-12-22 | 2022-03-18 | 中国电信股份有限公司 | SRv 6-based security authentication method, network node and authentication system |
CN114297618A (en) * | 2021-12-28 | 2022-04-08 | 北京深思数盾科技股份有限公司 | Authorization code generation method, identity authentication method, terminal, server and medium |
CN114338184A (en) * | 2021-12-29 | 2022-04-12 | 中国电信股份有限公司 | Communication encryption method, device, nonvolatile storage medium and processor |
CN114389804B (en) * | 2021-12-30 | 2024-04-30 | 中国电信股份有限公司 | Intelligent terminal control method and device, electronic equipment and storage medium |
CN114389804A (en) * | 2021-12-30 | 2022-04-22 | 中国电信股份有限公司 | Intelligent terminal control method and device, electronic equipment and storage medium |
CN114244513A (en) * | 2021-12-31 | 2022-03-25 | 日晷科技(上海)有限公司 | Key agreement method, device and storage medium |
CN114244513B (en) * | 2021-12-31 | 2024-02-09 | 日晷科技(上海)有限公司 | Key negotiation method, device and storage medium |
CN114398602B (en) * | 2022-01-11 | 2024-05-10 | 国家计算机网络与信息安全管理中心 | Internet of things terminal identity authentication method based on edge calculation |
CN114398602A (en) * | 2022-01-11 | 2022-04-26 | 国家计算机网络与信息安全管理中心 | Internet of things terminal identity authentication method based on edge calculation |
CN114419765A (en) * | 2022-01-18 | 2022-04-29 | 上汽通用五菱汽车股份有限公司 | Method and device for realizing vehicle safety control by NFC card and readable storage medium |
CN114172745A (en) * | 2022-01-19 | 2022-03-11 | 中电华瑞技术有限公司 | Internet of things security protocol system |
CN114422251B (en) * | 2022-01-21 | 2024-02-13 | 晋商博创(北京)科技有限公司 | Cloud-based multi-factor password processing method, device and storage medium |
CN114422251A (en) * | 2022-01-21 | 2022-04-29 | 晋商博创(北京)科技有限公司 | Cloud-based multi-factor password processing method, device and storage medium |
CN114697956A (en) * | 2022-01-26 | 2022-07-01 | 深圳市三诺数字科技有限公司 | Secure communication method based on double links and related equipment thereof |
CN114244630A (en) * | 2022-02-15 | 2022-03-25 | 北京指掌易科技有限公司 | Communication method, device, equipment and storage medium |
CN114363088A (en) * | 2022-02-18 | 2022-04-15 | 京东科技信息技术有限公司 | Method and device for requesting data |
CN114363088B (en) * | 2022-02-18 | 2024-04-16 | 京东科技信息技术有限公司 | Method and device for requesting data |
CN114362946B (en) * | 2022-03-10 | 2022-06-07 | 北京得瑞领新科技有限公司 | Key agreement method and system |
CN114362946A (en) * | 2022-03-10 | 2022-04-15 | 北京得瑞领新科技有限公司 | Key agreement method and system |
CN114650175A (en) * | 2022-03-21 | 2022-06-21 | 网宿科技股份有限公司 | A verification method and device |
CN114650175B (en) * | 2022-03-21 | 2024-04-02 | 网宿科技股份有限公司 | A verification method and device |
CN115913602A (en) * | 2022-03-22 | 2023-04-04 | 中国电力科学研究院有限公司 | A method and system for networking and interconnection communication of electric energy meters in a metering box |
CN114817956A (en) * | 2022-04-19 | 2022-07-29 | 珠海全志科技股份有限公司 | USB communication object verification method, system, device and storage medium |
CN114915416B (en) * | 2022-04-20 | 2024-05-31 | 中金金融认证中心有限公司 | Method for encrypting file, method for decrypting and verifying file and related products |
CN114915416A (en) * | 2022-04-20 | 2022-08-16 | 中金金融认证中心有限公司 | Method for encrypting file, method for verifying decryption and related products |
CN114900348A (en) * | 2022-04-28 | 2022-08-12 | 福建福链科技有限公司 | Block chain sensor data verification method and terminal |
CN114900348B (en) * | 2022-04-28 | 2024-01-30 | 福建福链科技有限公司 | Block chain sensor data verification method and terminal |
CN114662087A (en) * | 2022-05-20 | 2022-06-24 | 广州万协通信息技术有限公司 | Multi-terminal verification security chip firmware updating method and device |
CN114662087B (en) * | 2022-05-20 | 2022-09-02 | 广州万协通信息技术有限公司 | Multi-terminal verification security chip firmware updating method and device |
CN115102745B (en) * | 2022-06-16 | 2023-10-27 | 慧之安信息技术股份有限公司 | Lightweight-based terminal identity security authentication method for Internet of things |
CN115102745A (en) * | 2022-06-16 | 2022-09-23 | 慧之安信息技术股份有限公司 | Internet of things terminal identity security authentication method based on lightweight |
CN115037552A (en) * | 2022-06-29 | 2022-09-09 | 北京大甜绵白糖科技有限公司 | Authentication method, device, equipment and storage medium |
CN115174195A (en) * | 2022-06-30 | 2022-10-11 | 中国第一汽车股份有限公司 | Database file processing method, encryption terminal and decryption terminal |
CN114884659A (en) * | 2022-07-08 | 2022-08-09 | 北京智芯微电子科技有限公司 | Key agreement method, gateway, terminal device and storage medium |
CN114978554A (en) * | 2022-07-29 | 2022-08-30 | 广州匠芯创科技有限公司 | Software authorization authentication system and method |
CN114978554B (en) * | 2022-07-29 | 2022-10-18 | 广州匠芯创科技有限公司 | Software authorization authentication system and method |
WO2024027070A1 (en) * | 2022-08-03 | 2024-02-08 | 中国电力科学研究院有限公司 | Terminal device authentication method and system based on identification public key, and computer-readable storage medium |
CN115348066A (en) * | 2022-08-05 | 2022-11-15 | 昆仑数智科技有限责任公司 | Data encryption transmission method and device, electronic equipment and storage medium |
CN115348066B (en) * | 2022-08-05 | 2023-03-28 | 昆仑数智科技有限责任公司 | Data encryption transmission method and device, electronic equipment and storage medium |
CN115348076B (en) * | 2022-08-12 | 2024-02-06 | 天翼数字生活科技有限公司 | Equipment security authentication method and system based on attribute encryption and related devices thereof |
CN115348076A (en) * | 2022-08-12 | 2022-11-15 | 天翼数字生活科技有限公司 | Equipment security authentication method based on attribute encryption and related device thereof |
WO2024031868A1 (en) * | 2022-08-12 | 2024-02-15 | 天翼数字生活科技有限公司 | Attribute encryption-based device security authentication method and related apparatus thereof |
CN115603940A (en) * | 2022-08-29 | 2023-01-13 | 湖南云箭智能科技有限公司(Cn) | Board card bidirectional network access authentication method and device and board card |
CN115426182A (en) * | 2022-09-01 | 2022-12-02 | 中国联合网络通信集团有限公司 | Information retrieval method, device and electronic equipment |
CN115426182B (en) * | 2022-09-01 | 2024-04-30 | 中国联合网络通信集团有限公司 | Information retrieving method and device and electronic equipment |
CN115134177B (en) * | 2022-09-02 | 2022-11-18 | 国网瑞嘉(天津)智能机器人有限公司 | Networking encryption communication method and device, server equipment and terminal equipment |
CN115134177A (en) * | 2022-09-02 | 2022-09-30 | 国网瑞嘉(天津)智能机器人有限公司 | Networking encryption communication method and device, server equipment and terminal equipment |
CN115499199A (en) * | 2022-09-14 | 2022-12-20 | 重庆长安汽车股份有限公司 | Vehicle safety communication method and device, vehicle and storage medium |
CN115314204A (en) * | 2022-10-11 | 2022-11-08 | 南京易科腾信息技术有限公司 | Random number generation method, device and storage medium |
CN115314204B (en) * | 2022-10-11 | 2022-12-16 | 南京易科腾信息技术有限公司 | Random number generation method, device and storage medium |
CN115834167A (en) * | 2022-11-14 | 2023-03-21 | 国网福建省电力有限公司龙岩供电公司 | Encryption transmission method and system for network data |
CN115577019A (en) * | 2022-12-07 | 2023-01-06 | 杭州恒生数字设备科技有限公司 | Spoken language testing method, device, equipment and storage medium |
CN116032577A (en) * | 2022-12-19 | 2023-04-28 | 北京成鑫盈通科技有限公司 | System, method, medium and terminal for realizing end-to-end data security transmission of terminal equipment |
CN115933993B (en) * | 2023-01-04 | 2023-05-30 | 山东省地质矿产勘查开发局八〇一水文地质工程地质大队(山东省地矿工程勘察院) | Karst fracture network type aqueous medium antifouling function evaluation system and method |
CN115933993A (en) * | 2023-01-04 | 2023-04-07 | 山东省地质矿产勘查开发局八〇一水文地质工程地质大队(山东省地矿工程勘察院) | System and method for evaluating antifouling function of karst fracture network type aqueous medium |
CN116055207B (en) * | 2023-01-31 | 2023-10-03 | 深圳市圣驼储能技术有限公司 | Encryption method and system for communication data of Internet of things |
CN116055207A (en) * | 2023-01-31 | 2023-05-02 | 深圳市圣驼储能技术有限公司 | Encryption method and system for communication data of Internet of things |
CN115941183B (en) * | 2023-02-27 | 2023-10-13 | 紫光同芯微电子有限公司 | Biological information processing method and related device |
CN115941183A (en) * | 2023-02-27 | 2023-04-07 | 紫光同芯微电子有限公司 | Biological information processing method and related device |
CN116208949A (en) * | 2023-05-05 | 2023-06-02 | 北京智芯微电子科技有限公司 | Encryption transmission method and system for communication message, sending terminal and receiving terminal |
CN117118756A (en) * | 2023-10-23 | 2023-11-24 | 中关村芯海择优科技有限公司 | Data interaction method, device, computer equipment and computer readable storage medium |
CN117118756B (en) * | 2023-10-23 | 2024-01-16 | 中关村芯海择优科技有限公司 | Data interaction method, device, computer equipment and computer readable storage medium |
CN117176479A (en) * | 2023-11-02 | 2023-12-05 | 北京安博通科技股份有限公司 | A method, device and electronic equipment for bypass decryption of state secret traffic audit |
CN117744038A (en) * | 2023-12-24 | 2024-03-22 | 中信出版集团股份有限公司 | Copyright protection system and method for digital content |
CN117744038B (en) * | 2023-12-24 | 2024-06-11 | 中信出版集团股份有限公司 | Copyright protection system and method for digital content |
CN118101298A (en) * | 2024-03-14 | 2024-05-28 | 北京数软科技有限公司 | Data encryption transmission method, device, computer equipment, medium and program product |
TWI871236B (en) * | 2024-05-15 | 2025-01-21 | 中華電信股份有限公司 | Key negotiation system and method based on post-quantum cryptography |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2018076365A1 (en) | | Key negotiation method and device |
CN106603485B (en) | | Key agreement method and device |
JP6168415B2 (en) | | Terminal authentication system, server device, and terminal authentication method |
CN103763356B (en) | | A kind of SSL establishment of connection method, apparatus and system |
WO2018050081A1 (en) | | Device identity authentication method and apparatus, electric device, and storage medium |
CN107454079B (en) | | Lightweight device authentication and shared key agreement method based on IoT platform |
WO2017028593A1 (en) | | Method for making a network access device access a wireless network access point, network access device, application server, and non-volatile computer readable storage medium |
CN107040513B (en) | | Trusted access authentication processing method, user terminal and server |
JP7292263B2 (en) | | Method and apparatus for managing digital certificates |
US20140298037A1 (en) | | Method, apparatus, and system for securely transmitting data |
WO2018127081A1 (en) | | Method and system for obtaining encryption key |
CN109302412B (en) | | VoIP communication processing method based on CPK, terminal, server and storage medium |
WO2018045817A1 (en) | | Mobile network authentication method, terminal device, server and network authentication entity |
CN108353279B (en) | | An authentication method and an authentication system |
EP3051744A1 (en) | | Key configuration method and apparatus |
JP6548172B2 (en) | | Terminal authentication system, server device, and terminal authentication method |
US20140281493A1 (en) | | Provisioning sensitive data into third party |
CN104836784B (en) | | A kind of information processing method, client and server |
CN113225352A (en) | | Data transmission method and device, electronic equipment and storage medium |
CN108847938A (en) | | A kind of connection method for building up and device |
WO2016011588A1 (en) | | Mobility management entity, home server, terminal, and identity authentication system and method |
US20210392004A1 (en) | | Apparatus and method for authenticating device based on certificate using physical unclonable function |
CN105791258A (en) | | A data transmission method, terminal and open platform |
KR100668446B1 (en) | | How to move secure authentication information |
CN102916810A (en) | | Method, system and apparatus for authenticating sensor |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| | 121 | EP: the EPO has been informed by WIPO that EP was designated in this application | Ref document number: 16920134; Country of ref document: EP; Kind code of ref document: A1 |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | 32PN | EP: public notification in the EP bulletin as address of the addressee cannot be established | Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 02.10.2019) |
| | 122 | EP: PCT application non-entry in European phase | Ref document number: 16920134; Country of ref document: EP; Kind code of ref document: A1 |